CVE-2026-21519
Analyzed Analyzed - Analysis Complete
Type Confusion in Desktop Window Manager Enables Local Privilege Escalation

Publication date: 2026-02-10

Last updated on: 2026-02-11

Assigner: Microsoft Corporation

Description
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-11
Generated
2026-05-07
AI Q&A
2026-02-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-21519
EUVD
EUVD-2026-7358
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
microsoft windows_10_1607 to 10.0.14393.8868 (exc)
microsoft windows_10_1607 to 10.0.14393.8868 (exc)
microsoft windows_10_1809 to 10.0.17763.8389 (exc)
microsoft windows_server_2016 to 10.0.14393.8868 (exc)
microsoft windows_server_2019 to 10.0.17763.8389 (exc)
microsoft windows_server_2022 to 10.0.20348.4711 (exc)
microsoft windows_server_2025 to 10.0.26100.32313 (exc)
microsoft windows_11_24h2 to 10.0.26100.7781 (exc)
microsoft windows_11_24h2 to 10.0.26100.7781 (exc)
microsoft windows_11_23h2 to 10.0.22631.6649 (exc)
microsoft windows_11_23h2 to 10.0.22631.6649 (exc)
microsoft windows_11_25h2 to 10.0.26200.7781 (exc)
microsoft windows_11_25h2 to 10.0.26200.7781 (exc)
microsoft windows_server_2022_23h2 to 10.0.25398.2149 (exc)
microsoft windows_10_22h2 to 10.0.19045.6937 (exc)
microsoft windows_10_22h2 to 10.0.19045.6937 (exc)
microsoft windows_10_22h2 to 10.0.19045.6937 (exc)
microsoft windows_10_21h2 to 10.0.19044.6937 (exc)
microsoft windows_10_21h2 to 10.0.19044.6937 (exc)
microsoft windows_10_21h2 to 10.0.19044.6937 (exc)
microsoft windows_10_1809 to 10.0.17763.8389 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': "This vulnerability involves access of a resource using an incompatible type, also known as 'type confusion', within the Desktop Window Manager component."}, {'type': 'paragraph', 'content': 'It allows an authorized attacker to elevate their privileges locally on the affected system.'}] [1]


How can this vulnerability impact me? :

An attacker who is already authorized on the system can exploit this vulnerability to elevate their privileges.

This means they could gain higher-level access than intended, potentially leading to full control over the affected system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart