PT-2026-7404 · Microsoft · Windows

Published 2026-02-10 · Updated 2026-03-12 · CVE-2026-21519

CVSS v3.1: 7.8
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Microsoft Windows (affected versions not specified)

Description

A type confusion issue in the Desktop Window Manager component allows an authorized attacker to elevate privileges locally. This issue is actively exploited and has been observed in real-world attacks. Successful exploitation allows an attacker to gain SYSTEM-level privileges. The vulnerability affects Windows 10, Windows 11, and Windows Server versions. The number of potentially affected devices worldwide is unknown. The vulnerability allows a local attacker to escalate from a standard user to SYSTEM without user interaction. Exploitation of this flaw can lead to full system takeover, enabling persistence, data theft, and rapid lateral movement.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2026-01702
CVE-2026-21519

Affected Products

Windows