{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21236", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-11T21:02:05.734Z", "datePublished": "2026-02-10T17:51:23.374Z", "dateUpdated": "2026-05-11T21:25:21.760Z"}, "containers": {"cna": {"title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "datePublic": "2026-02-10T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.28000.0", "versionEndExcluding": "10.0.28000.1575"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*", "versionStartIncluding": "10.0.28000.0", "versionEndExcluding": "10.0.28000.1575"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8389"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8389"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8389"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.4773"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.19044.0", "versionEndExcluding": "10.0.19044.6937"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "10.0.19045.0", "versionEndExcluding": "10.0.19045.6937"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32370"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.26200.0", "versionEndExcluding": "10.0.26200.7840"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.22631.0", "versionEndExcluding": "10.0.22631.6649"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "10.0.22631.0", "versionEndExcluding": "10.0.22631.6649"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.25398.0", "versionEndExcluding": "10.0.25398.2149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.7840"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32370"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.8868"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.8868"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.8868"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.25923"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.25923"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.23022"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.23022"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1607", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1809", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H2", "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.19044.0", "lessThan": "10.0.19044.6937", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 22H2", "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.19045.0", "lessThan": "10.0.19045.6937", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 22H3", "platforms": ["ARM64-based Systems"], "versions": [{"version": "10.0.22631.0", "lessThan": "10.0.22631.6649", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 23H2", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.22631.0", "lessThan": "10.0.22631.6649", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 24H2", "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.7840", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 25H2", "versions": [{"version": "10.0.26200.0", "lessThan": "10.0.26200.7840", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 26H1", "platforms": ["ARM64-based Systems"], "versions": [{"version": "10.0.28000.0", "lessThan": "10.0.28000.1575", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 26H1", "versions": [{"version": "10.0.28000.0", "lessThan": "10.0.28000.1575", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.25923", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.25923", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.23022", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.23022", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.4773", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.25398.0", "lessThan": "10.0.25398.2149", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2025", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32370", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32370", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T21:25:21.760Z"}, "references": [{"name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:55:48.199832Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:03.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:55:48.199832Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:43:24.335Z"}}], "cna": {"title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1607", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1809", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom"}], "platforms": ["32-bit Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H2", "versions": [{"status": "affected", "version": "10.0.19044.0", "lessThan": "10.0.19044.6937", "versionType": "custom"}], "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 10 Version 22H2", "versions": [{"status": "affected", "version": "10.0.19045.0", "lessThan": "10.0.19045.6937", "versionType": "custom"}], "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 11 version 22H3", "versions": [{"status": "affected", "version": "10.0.22631.0", "lessThan": "10.0.22631.6649", "versionType": "custom"}], "platforms": ["ARM64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 11 Version 23H2", "versions": [{"status": "affected", "version": "10.0.22631.0", "lessThan": "10.0.22631.6649", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 11 Version 24H2", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.7840", "versionType": "custom"}], "platforms": ["ARM64-based Systems", "x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 11 Version 25H2", "versions": [{"status": "affected", "version": "10.0.26200.0", "lessThan": "10.0.26200.7840", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 26H1", "versions": [{"status": "affected", "version": "10.0.28000.0", "lessThan": "10.0.28000.1575", "versionType": "custom"}], "platforms": ["ARM64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows 11 Version 26H1", "versions": [{"status": "affected", "version": "10.0.28000.0", "lessThan": "10.0.28000.1575", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.25923", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.25923", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.23022", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.23022", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.8868", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8389", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "versions": [{"status": "affected", "version": "10.0.20348.0", "lessThan": "10.0.20348.4773", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.25398.0", "lessThan": "10.0.25398.2149", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2025", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32370", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32370", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-02-10T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236", "name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.28000.1575", "versionStartIncluding": "10.0.28000.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "10.0.28000.1575", "versionStartIncluding": "10.0.28000.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8389", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8389", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8389", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.20348.4773", "versionStartIncluding": "10.0.20348.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*", "vulnerable": true, "versionEndExcluding": "10.0.19044.6937", "versionStartIncluding": "10.0.19044.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "10.0.19045.6937", "versionStartIncluding": "10.0.19045.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32370", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.26200.7840", "versionStartIncluding": "10.0.26200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.22631.6649", "versionStartIncluding": "10.0.22631.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "10.0.22631.6649", "versionStartIncluding": "10.0.22631.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.25398.2149", "versionStartIncluding": "10.0.25398.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.7840", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32370", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.8868", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.8868", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.8868", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.25923", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.25923", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.23022", "versionStartIncluding": "6.3.9600.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.23022", "versionStartIncluding": "6.3.9600.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T18:10:00.890Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21236", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:10:00.890Z", "dateReserved": "2025-12-11T21:02:05.734Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-02-10T17:51:23.374Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049", "versionEndExcluding": "10.0.14393.8868", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D", "versionEndExcluding": "10.0.14393.8868", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9", "versionEndExcluding": "10.0.17763.8389", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9", "versionEndExcluding": "10.0.17763.8389", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307", "versionEndExcluding": "10.0.19044.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD", "versionEndExcluding": "10.0.19044.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", "matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54", "versionEndExcluding": "10.0.19044.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577", "versionEndExcluding": "10.0.19045.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F", "versionEndExcluding": "10.0.19045.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", "matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830", "versionEndExcluding": "10.0.19045.6937", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902", "versionEndExcluding": "10.0.22631.6649", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127", "versionEndExcluding": "10.0.22631.6649", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766", "versionEndExcluding": "10.0.26100.7781", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9", "versionEndExcluding": "10.0.26100.7781", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A", "versionEndExcluding": "10.0.26200.7781", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B", "versionEndExcluding": "10.0.26200.7781", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9", "versionEndExcluding": "10.0.14393.8868", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E", "versionEndExcluding": "10.0.17763.8389", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4", "versionEndExcluding": "10.0.20348.4711", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54", "versionEndExcluding": "10.0.25398.2149", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F", "versionEndExcluding": "10.0.26100.32313", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-21236", "lastModified": "2026-02-11T21:07:23.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:24.250", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.8868)"}}], "product": "windows_10_1607", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8389)"}}], "product": "windows_10_1809", "vendor": "microsoft"}, {"configurations": [{"platform": ["32-bit_systems", "arm64-based_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.19044.0,10.0.19044.6937)"}}], "product": "windows_10_21h2", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems", "arm64-based_systems", "32-bit_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.19045.0,10.0.19045.6937)"}}], "product": "windows_10_22h2", "vendor": "microsoft"}, {"configurations": [{"platform": ["arm64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.22631.0,10.0.22631.6649)"}}], "product": "windows_11_22h3", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.22631.0,10.0.22631.6649)"}}], "product": "windows_11_23h2", "vendor": "microsoft"}, {"configurations": [{"platform": ["arm64-based_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26100.0,10.0.26100.32370)"}}], "product": "windows_11_24h2", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26200.0,10.0.26200.7840)"}}], "product": "windows_11_25h2", "vendor": "microsoft"}, {"configurations": [{"platform": ["arm64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.28000.0,10.0.28000.1575)"}}], "product": "windows_11_26h1", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.28000.0,10.0.28000.1575)"}}], "product": "windows_11_26h1", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.2.9200.0,6.2.9200.25923)"}}], "product": "windows_server_2012", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.2.9200.0,6.2.9200.25923)"}}], "product": "windows_server_2012_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.3.9600.0,6.3.9600.23022)"}}], "product": "windows_server_2012_r2", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.3.9600.0,6.3.9600.23022)"}}], "product": "windows_server_2012_r2_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.8868)"}}], "product": "windows_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.8868)"}}], "product": "windows_server_2016_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8389)"}}], "product": "windows_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8389)"}}], "product": "windows_server_2019_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.25398.0,10.0.25398.2149)"}}], "product": "windows_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.20348.0,10.0.20348.4773)"}}], "product": "windows_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.25398.0,10.0.25398.2149)"}}], "product": "windows_server_2022,_23h2_edition_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26100.0,10.0.26100.32370)"}}], "product": "windows_server_2025", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26100.0,10.0.26100.32370)"}}], "product": "windows_server_2025_(server_core_installation)", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T17:25:55.500663+00:00", "value": {"mitigation_remediation": ["Install the latest Microsoft security update that addresses CVE\u20112026\u201121236 as the first priority.", "If a patch is temporarily unavailable, use least privilege practices to restrict which local users can load drivers\u2014consider disabling or limiting WinSock ancillary driver usage through Group Policy or registry configuration.", "Increase monitoring of local security logs for evidence of attempted privilege escalation or anomalous driver activity, and isolate affected systems from untrusted sources while remediation is pending."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected operating systems include Microsoft Windows 10 versions 1607, 1809, 21H2, and 22H2; Microsoft Windows 11 versions 23H2, 24H2, 25H2, 26H1, 22H3, and 26H1; and Microsoft Windows Server releases 2012, 2012\u202fR2, 2016, 2019, 2022, 2025, and the 23H2 Edition. The affected builds cover x86, x64, and arm64 architectures, including Core installations where applicable.", "description_and_impact": "The vulnerability is a heap\u2010based buffer overflow in the Windows Ancillary Function Driver for WinSock that allows an attacker with local access to elevate privileges. This relates to CWE\u2011122 (heap overflow) and CWE\u2011787 (out\u2011of\u2011bounds write) and can enable a user to gain higher privileges on the affected machine, potentially compromising confidentiality, integrity, or availability of the system.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity, while the EPSS score of <1% suggests a low probability of widespread exploitation. The issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local; an attacker must already have some level of local access to load or interact with the driver. Once exploited, the attacker can raise privileges on the target system, potentially enabling further attacks or persistence."}}}}, "created": "2026-02-12T12:32:05.505303+00:00", "updated": "2026-04-15T17:45:10.828753+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_10_1607", "microsoft$PRODUCT$windows_10_1809", "microsoft$PRODUCT$windows_10_21h2", "microsoft$PRODUCT$windows_10_22h2", "microsoft$PRODUCT$windows_11_22h3", "microsoft$PRODUCT$windows_11_23h2", "microsoft$PRODUCT$windows_11_24h2", "microsoft$PRODUCT$windows_11_25h2", "microsoft$PRODUCT$windows_11_26h1", "microsoft$PRODUCT$windows_server_2012", "microsoft$PRODUCT$windows_server_2012_(server_core_installation)", "microsoft$PRODUCT$windows_server_2012_r2", "microsoft$PRODUCT$windows_server_2012_r2_(server_core_installation)", "microsoft$PRODUCT$windows_server_2016", "microsoft$PRODUCT$windows_server_2016_(server_core_installation)", "microsoft$PRODUCT$windows_server_2019", "microsoft$PRODUCT$windows_server_2019_(server_core_installation)", "microsoft$PRODUCT$windows_server_2022", "microsoft$PRODUCT$windows_server_2022,_23h2_edition_(server_core_installation)", "microsoft$PRODUCT$windows_server_2025", "microsoft$PRODUCT$windows_server_2025_(server_core_installation)"]}