CVE-2026-32202

Analyzed

Published: 14 Apr 2026, 16:57

Last modified:29 Apr 2026, 03:55

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v3.1 (cve.org)

EPSS Score

0.09% LOW

0% probability 0.00%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Apr 2026, 16:57

Published

Vulnerability first disclosed

28 Apr 2026, 00:00

Added to CISA KEV

Microsoft Windows Protection Mechanism Failure Vulnerability

29 Apr 2026, 03:55

Last Modified

Vulnerability information updated

12 May 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C
v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Techniques & Countermeasures

CWE-693•Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Systems

microsoft•windows_10_1607
< 10.0.14393.9060
microsoft•windows_10_1809
< 10.0.17763.8644
microsoft•windows_10_21h2
< 10.0.19044.7184
microsoft•windows_10_22h2
< 10.0.19045.7184
microsoft•windows 10 version 1607
≥ 10.0.14393.0, < 10.0.14393.9060
microsoft•windows 10 version 1809
≥ 10.0.17763.0, < 10.0.17763.8644
microsoft•windows 10 version 21h2
≥ 10.0.19044.0, < 10.0.19044.7184
microsoft•windows 10 version 22h2
≥ 10.0.19045.0, < 10.0.19045.7184
microsoft•windows_11_23h2
< 10.0.22631.6936
microsoft•windows_11_24h2
< 10.0.26100.8246
microsoft•windows_11_25h2
< 10.0.26200.8246
microsoft•windows_11_26h1
< 10.0.28000.1836
microsoft•windows 11 version 22h3
≥ 10.0.22631.0, < 10.0.22631.6936
microsoft•windows 11 version 23h2
≥ 10.0.22631.0, < 10.0.22631.6936
microsoft•windows 11 version 24h2
≥ 10.0.26100.0, < 10.0.26100.32690 | ≥ 10.0.26100.0, < 10.0.26100.8246
microsoft•windows 11 version 25h2
≥ 10.0.26200.0, < 10.0.26200.8246
microsoft•windows 11 version 26h1
≥ 10.0.28000.0, < 10.0.28000.1836
microsoft•windows server 2012
na | r2 | ≥ 6.2.9200.0, < 6.2.9200.26026
microsoft•windows server 2012 r2
≥ 6.3.9600.0, < 6.3.9600.23132
microsoft•windows server 2012 r2 (server core installation)
≥ 6.3.9600.0, < 6.3.9600.23132
microsoft•windows server 2012 (server core installation)
≥ 6.2.9200.0, < 6.2.9200.26026
microsoft•windows server 2016
< 10.0.14393.9060 | ≥ 10.0.14393.0, < 10.0.14393.9060
microsoft•windows server 2016 (server core installation)
≥ 10.0.14393.0, < 10.0.14393.9060
microsoft•windows server 2019
< 10.0.17763.8644 | ≥ 10.0.17763.0, < 10.0.17763.8644
microsoft•windows server 2019 (server core installation)
≥ 10.0.17763.0, < 10.0.17763.8644
microsoft•windows server 2022
< 10.0.20348.5020 | ≥ 10.0.20348.0, < 10.0.20348.5020
microsoft•windows_server_2022_23h2
< 10.0.25398.2274
microsoft•windows server 2022, 23h2 edition (server core installation)
≥ 10.0.25398.0, < 10.0.25398.2274
microsoft•windows server 2025
< 10.0.26100.32690 | ≥ 10.0.26100.0, < 10.0.26100.32690
microsoft•windows server 2025 (server core installation)
≥ 10.0.26100.0, < 10.0.26100.32690