CVE-2026-21519
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: Feb. 18, 2026
6 articles
EPSS Score
Source: FIRST.org · 2026-05-24
4.07%
probability
This CVE has a 4.07% probability
of being exploited in the next 30 days.
0%
Top 88.7th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
Project ZeroDesktop Window Manager Elevation of Privilege Vulnerability
Attack Intelligence
Google Project Zero
Patched
Feb. 10, 2026
Reported by
Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC)
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA-Advisories
Feb 10, 2026
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
TheHackerNews
Feb 11, 2026
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
BleepingComputer
Feb 10, 2026
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
Tenable-Research
Feb 10, 2026
Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities
CyberScoop
Feb 10, 2026
CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
Microsoft-MSRC
Feb 10, 2026
Signal Intelligence
Confidence
92%
EPSS
4.07%
Mentions
6
Last Seen
Feb 11, 2026
CNA Information
Analyst Note
CVE-2026-21519 is confirmed as a zero-day with active exploitation, featured in Microsoft's February 2026 Patch Tuesday covering six exploited vulnerabilities. The vulnerability affects Windows 10 with a HIGH CVSS score (7.8) and has significant media coverage from credible sources including TheHackerNews, BleepingComputer, and CISA, corroborating active real-world exploitation.
Threat Actors 2
Ice Fog
apt_group
Information theft and espionage
🇨🇳 CN
Nomad Panda
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided atFeb 18, 2026