For informational purposes only

CVE-2026-21533 is a local privilege escalation (LPE) vulnerability in the Windows Remote Desktop Services component. Improper privilege management allows an authenticated user to escalate their level of access, up to and including adding a new account to the local Administrators group.

Vulnerability type: LPE
OS: Windows 10 - Windows 11; Windows Server 2012 - Windows Server 2025
Price: 220000$

💬 Discuss

Sale of a 1-day exploit for vulnerability CVE-2026-21533