CVE-2026-21519

Опубликовано: 10 фев. 2026

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Desktop Window Manager Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Продукт	Статья	Обновление
Windows Server 2016	5075999	Security Update
Windows 10 Version 1607 for 32-bit Systems	5075999	Security Update
Windows 10 Version 1607 for x64-based Systems	5075999	Security Update
Windows Server 2016 (Server Core installation)	5075999	Security Update
Windows 10 Version 1809 for 32-bit Systems	5075904	Security Update
Windows 10 Version 1809 for x64-based Systems	5075904	Security Update
Windows Server 2019	5075904	Security Update
Windows Server 2019 (Server Core installation)	5075904	Security Update
Windows Server 2022	5075906 5075943	Security Update Security Hotpatch Update
Windows Server 2022 (Server Core installation)	5075906 5075943	Security Update Security Hotpatch Update

Показывать по

Publicly Disclosed

Exploited

Yes

Latest Software Release

Exploitation Detected

EPSS

Процентиль: 89%

0.0473

Низкий

7.8 High

CVSS3

CVE-2026-21519

CVSS3: 7.8

nvd

около 1 месяца назад

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

GHSA-h77q-4hph-8vf3

CVSS3: 7.8

github

около 1 месяца назад

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

BDU:2026-01702

CVSS3: 7.8

fstec

около 1 месяца назад

Уязвимость диспетчера окон рабочего стола (Desktop Window Manager) операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 89%

0.0473

Низкий

7.8 High

CVSS3