PT-2026-32854 · Microsoft · Windows Shell
Maor Dahan · Published 2026-04-14 · Updated 2026-06-12 · CVE-2026-32202
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to April 2026
Description
A protection mechanism failure in the Windows Shell allows an unauthorized remote attacker to perform spoofing. The issue occurs when a malicious Windows shortcut or LNK path triggers an automatic SMB authentication attempt, which exposes the victim's Net-NTLMv2 hash for potential relay or offline cracking. This can happen without user interaction, such as when a user simply opens a folder containing a malicious shortcut. This flaw has been actively exploited in the wild by the APT28 (Fancy Bear) group targeting Ukraine and EU nations to steal credentials and download malicious code from remote servers.
Recommendations
Update Microsoft Windows to the version released in April 2026.
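
For triage alongside patching, the following added example (not part of the advisory or any vendor tooling) flags `.lnk` files that reference a remote UNC host, the kind of path the description says leads to an SMB authentication attempt. It is a byte-level heuristic rather than a full Shell Link parser; the allowlist parameter, function names and sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Shell Link header: HeaderSize 0x0000004C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# \\host\ as an ANSI string and as a UTF-16LE string; the host is captured.
ANSI_UNC = re.compile(rb"\\\\([A-Za-z0-9._-]+)\\")
WIDE_UNC = re.compile(rb"(?:\\\x00){2}((?:[A-Za-z0-9._-]\x00)+)\\\x00")


def remote_hosts(data, allowed=frozenset()):
    """Return sorted UNC hosts found in LNK bytes, minus allowlisted ones."""
    if not data.startswith(LNK_MAGIC):
        return []  # not a Shell Link file; ignore
    hosts = {m.group(1).decode("ascii").lower() for m in ANSI_UNC.finditer(data)}
    hosts |= {m.group(1).decode("utf-16-le").lower()
              for m in WIDE_UNC.finditer(data)}
    return sorted(h for h in hosts if h not in allowed)


def scan_tree(root, allowed=frozenset()):
    """Map each .lnk under root to the non-allowlisted hosts it references."""
    hits = {}
    for path in Path(root).rglob("*.lnk"):
        try:
            hosts = remote_hosts(path.read_bytes(), allowed)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if hosts:
            hits[str(path)] = hosts
    return hits


# Constructed sample inputs (header plus padding plus a path string).
PAD = b"\x00" * 56
SAMPLE_WIDE = LNK_MAGIC + PAD + r"\\files.example.test\share\doc.pdf".encode("utf-16-le")
SAMPLE_ANSI = LNK_MAGIC + PAD + rb"\\192.0.2.10\share\a.ico"
SAMPLE_LOCAL = LNK_MAGIC + PAD + r"C:\Windows\notepad.exe".encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in [("wide", SAMPLE_WIDE), ("ansi", SAMPLE_ANSI),
                       ("local", SAMPLE_LOCAL)]:
        print(name, remote_hosts(blob, allowed={"fileserver.corp.example"}))
```

A hit is a lead for review, not proof of exploitation: shortcuts to internal file servers are common, which is what the allowlist is for.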
Exploit
Fix
RCE
DoS
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows Shell