Windows Shell Security Feature Bypass Vulnerability

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows_server_2016	cve_cpe	95%
microsoft	windows_server_2019	cve_cpe	95%
microsoft	windows_11_24h2	cve_cpe	95%
microsoft	windows_11_25h2	cve_cpe	95%
microsoft	windows_server_2012	cve_cpe	95%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510(vendor-advisory, patch)

Related News (5 articles)

Tier B

JPCERT/CC

Security Alert: Microsoft Releases February 2026 Security Updates

→ No new info (linked only)

Tier D

Help Net Security8d ago

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months

→ No new info (linked only)

Tier D

BleepingComputer12d ago

CISA orders feds to patch Windows flaw exploited as zero-day

→ No new info (linked only)

Tier D

Heise Security13d ago

Windows-Shell-Lücke wird angegriffen

→ No new info (linked only)

Tier D

SecurityWeek14d ago

Incomplete Windows Patch Opens Door to Zero-Click Attacks

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

10.0.14393.886810.0.17763.838910.0.19044.693710.0.19045.693710.0.22631.664910.0.26100.778110.0.26200.778110.0.20348.471110.0.25398.214910.0.26100.32313

CWECWE-693

PublishedFeb 10, 2026

Last enriched13d agov4