CVE-2026-21251

Опубликовано: 10 фев. 2026

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Продукт	Статья	Обновление
Windows Server 2016	5075999	Security Update
Windows Server 2016 (Server Core installation)	5075999	Security Update
Windows Server 2019	5075904	Security Update
Windows Server 2019 (Server Core installation)	5075904	Security Update
Windows Server 2022	5075906 5075943	Security Update Security Hotpatch Update
Windows Server 2022 (Server Core installation)	5075906 5075943	Security Update Security Hotpatch Update
Windows Server 2022, 23H2 Edition (Server Core installation)	5075897	Security Update
Windows Server 2025	5075899 5075942	Security Update Security Hotpatch Update
Windows Server 2025 (Server Core installation)	5075899 5075942	Security Update Security Hotpatch Update

Показывать по

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

CVE-2026-21251

CVSS3: 7.8

nvd

около 2 месяцев назад

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

GHSA-6q2h-rrfg-fm75

CVSS3: 7.8

github

около 2 месяцев назад

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

BDU:2026-01806

CVSS3: 7.8

fstec

около 2 месяцев назад

Уязвимость механизма CCF (Cluster Client Failover) операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3