CyberSec.Space Logo
Back to CVE Browser

CVE-2026-32202

Known Exploited (CISA KEV)MEDIUM
4.3
CVSS Severity Score
EPSS Score41.8840%
EPSS Percentile94.86th
PublishedApr 14, 2026
Last ModifiedMay 26, 2026

Vulnerability Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 10 1607

< 10.0.14393.9060
πŸ’»
Microsoft

Windows 10 1607

< 10.0.14393.9060
πŸ’»
Microsoft

Windows 10 1809

< 10.0.17763.8644
πŸ’»
Microsoft

Windows 10 1809

< 10.0.17763.8644
πŸ’»
Microsoft

Windows 10 21h2

< 10.0.19044.7184
πŸ’»
Microsoft

Windows 10 21h2

< 10.0.19044.7184
πŸ’»
Microsoft

Windows 10 21h2

< 10.0.19044.7184
πŸ’»
Microsoft

Windows 10 22h2

< 10.0.19045.7184
πŸ’»
Microsoft

Windows 10 22h2

< 10.0.19045.7184
πŸ’»
Microsoft

Windows 10 22h2

< 10.0.19045.7184
πŸ’»
Microsoft

Windows 11 23h2

< 10.0.22631.6936
πŸ’»
Microsoft

Windows 11 23h2

< 10.0.22631.6936
πŸ’»
Microsoft

Windows 11 24h2

< 10.0.26100.8246
πŸ’»
Microsoft

Windows 11 24h2

< 10.0.26100.8246
πŸ’»
Microsoft

Windows 11 25h2

< 10.0.26200.8246
πŸ’»
Microsoft

Windows 11 25h2

< 10.0.26200.8246
πŸ’»
Microsoft

Windows 11 26h1

< 10.0.28000.1836
πŸ’»
Microsoft

Windows 11 26h1

< 10.0.28000.1836
πŸ’»
Microsoft

Windows Server 2012

All versions
πŸ’»
Microsoft

Windows Server 2012

= r2
πŸ’»
Microsoft

Windows Server 2016

< 10.0.14393.9060
πŸ’»
Microsoft

Windows Server 2019

< 10.0.17763.8644
πŸ’»
Microsoft

Windows Server 2022

< 10.0.20348.5020
πŸ’»
Microsoft

Windows Server 2022 23h2

< 10.0.25398.2274
πŸ’»
Microsoft

Windows Server 2025

< 10.0.26100.32690

References & Advisories

πŸ”— https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
πŸ”— https://www.vicarius.io/vsociety/posts/cve-2026-32202-detection-script-spoofing-vulnerability-in-windows-shell
πŸ”— https://www.vicarius.io/vsociety/posts/cve-2026-32202-mitigation-script-spoofing-vulnerability-in-windows-shell
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32202

Related Vulnerabilities

CVE-2017-85899.8

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 1...

CVE-2017-85439.8

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R...

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2017-117719.8

The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server...