Microsoft · Windows Storage · CVE-2026-21508
**Name of the Vulnerable Software and Affected Versions**
Windows (affected versions not specified)
**Description**
An improper authentication issue in Windows Storage can allow an attacker to elevate privileges locally. The issue involves forcing a system process utilizing the undocumented function `Windows Storage! SHCoCreateInstance` to create an arbitrary COM object. This is achieved by manipulating the first argument of a `CoCreateInstance` call. The vulnerability requires the COM object to be associated with a registered COM class supporting `CLSCTX INPROC SERVER`.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.