CVE-2026-21519 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2026-02-10

Added to CISA KEV: 2026-02-10 0 DAY BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply Microsoft security updates immediately for all affected Windows systems
Monitor for unusual privilege escalation activities on local systems
Implement principle of least privilege to limit impact of successful exploitation
Review endpoint detection and response (EDR) logs for suspicious local privilege escalation attempts

CVE-2026-21519 is a high-severity privilege escalation vulnerability affecting the Microsoft Windows Desktop Window Manager (DWM) ^[1] ^[4].

Type: Type confusion ^[1].
Component: Desktop Window Manager (`dwm.exe`), which handles the composition of the Windows graphical user interface ^[4] ^[2].
Impact: Successful exploitation allows an authorized, local attacker to elevate their privileges on the affected system ^[1]. Reports indicate this can potentially lead to full system control or arbitrary code execution with higher privileges ^[2] ^[4].

Active Exploitation: The vulnerability has been confirmed as exploited in the wild ^[2]. Consequently, it was added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog on February 10, 2026 ^[3].
Attack Requirements: Exploitation is local, meaning an attacker must already have some level of authorized access to the system to trigger the vulnerability ^[1].
Exploit Availability: There are reports suggesting that proof-of-concept (PoC) exploit code is available ^[5].
Campaign Usage: While it is a known exploited vulnerability, specific details regarding its use in widespread ransomware campaigns versus targeted espionage operations are not publicly detailed in standard security advisories.

Patch Status: Users should consult the [Microsoft Security Response Center (MSRC) update guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519) to identify the specific security updates required for their version of Windows.
Recommendation: Given its presence in the CISA KEV catalog, organizations are strongly advised to prioritize patching affected systems to mitigate the risk of privilege escalation.

NVD - CVE-2026-21519
Information Technology Laboratory National Vulnerability Database Vulnerabilities ... Description. Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally ...
Desktop Window Manager 0-Day Vulnerability Allows Attacker to Elevate ...
Tracked as CVE-2026-21519, this flaw is currently being exploited in the wild, allowing attackers to gain full control over affected systems. The Desktop Window Manager (dwm.exe) is a core Windows system process that renders visual effects on your screen. Such as transparent windows, live taskbar th…
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-21519 - Vulnerability Details - OpenCVE
The Desktop Window Manager (DWM) is responsible for compositing the graphical user interface. In affected versions, DWM fails to validate the type of a resource passed to it, leading to a type‑confusion condition. This vulnerability allows an authorized attacker to elevate privileges locally due to…
[VulnRadar] CRITICAL: CVE-2026-21519 #69 - GitHub
🔔 Alert Reason 🔥 EXPLOIT INTEL: CVE-2026-21519 (PoC Available) 🚨 NOW CRITICAL: CVE-2026-21519 Overview Field Value CVE ID CVE-2026-21519 Vendor Microsoft Product Windows CVSS Score 7.8 EPSS Score 1...

🟢 CVE-2026-21519