CVE-2026-21525KEV

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

Description

Vendor	Product	Versions
microsoft	windows_10_1607	< 10.0.14393.8868, < 10.0.14393.8868, < 10.0.17763.8389, < 10.0.17763.8389, < 10.0.19044.6937, < 10.0.19044.6937, < 10.0.19044.6937, < 10.0.19045.6937, < 10.0.19045.6937, < 10.0.19045.6937, < 10.0.22631.6649, < 10.0.22631.6649, < 10.0.26100.7781, < 10.0.26100.7781, < 10.0.26200.7781, < 10.0.26200.7781, < 10.0.14393.8868, < 10.0.17763.8389, < 10.0.20348.4711, < 10.0.25398.2149, < 10.0.26100.32313

Tier B

JPCERT/CC

→ No new info (linked only)

CVSS 3.16.2 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-476

Published2/10/2026

Last enriched12h ago

Trending Score82

Source articles1

Independent1

Info Completeness10/14

Missing: epss, patch, iocs, mitre_attack

0 upvotes0 downvotes

No votes yet

State: verified

Confidence: 100%