CVE-2026-21255

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass the Virtualization-based Security feature.

How could an attacker exploit this vulnerability?

Exploitation requires an attacker who already has local execution on a VBS‑enabled guest VM to run a specially crafted application or driver that abuses the hypervisor’s overlay handling to bypass VBS/VTL protections and compromise kernel integrity.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.