CVE-2026-21519KEV

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Description

Vendor	Product	Versions
microsoft	windows_10_1607	< 10.0.14393.8868, < 10.0.14393.8868, < 10.0.17763.8389, < 10.0.17763.8389, < 10.0.19044.6937, < 10.0.19044.6937, < 10.0.19044.6937, < 10.0.19045.6937, < 10.0.19045.6937, < 10.0.19045.6937, < 10.0.22631.6649, < 10.0.22631.6649, < 10.0.26100.7781, < 10.0.26100.7781, < 10.0.26200.7781, < 10.0.26200.7781, < 10.0.14393.8868, < 10.0.17763.8389, < 10.0.20348.4711, < 10.0.25398.2149, < 10.0.26100.32313

Tier B

JPCERT/CC

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-843

Published2/10/2026

Last enriched12h ago

Trending Score86

Source articles1

Independent1

Info Completeness10/14

Missing: epss, patch, iocs, mitre_attack

0 upvotes0 downvotes

No votes yet

State: verified

Confidence: 100%