Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-26414. PoCs published by Nels2.
AI-analyzed exploit summary This PowerShell script mitigates CVE-2021-26414 by setting registry keys to enforce DCOM activation authentication hardening. It requires admin privileges and auto-restarts the system to apply changes.
Description
Windows DCOM Server Security Feature Bypass
Exploits (1)
nomisec
WORKING POC
by Nels2 · poc
https://github.com/Nels2/dcom_10036_Solver
This PowerShell script mitigates CVE-2021-26414 by setting registry keys to enforce DCOM activation authentication hardening. It requires admin privileges and auto-restarts the system to apply changes.
Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
Windows DCOM (Distributed Component Object Model)
Auth required
Prerequisites:
Administrator privileges · Windows system with DCOM enabled
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html
Scores
CVSS v3
4.8
EPSS
0.4997
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Details
Status
published
Products (19)
microsoft/windows_10
(2 CPE variants)
microsoft/windows_10
20h2 (3 CPE variants)
microsoft/windows_10
21h1 (3 CPE variants)
microsoft/windows_10
21h2 (3 CPE variants)
microsoft/windows_10
1809 (3 CPE variants)
microsoft/windows_10
1909 (3 CPE variants)
microsoft/windows_10
2004 (3 CPE variants)
microsoft/windows_7
(2 CPE variants)
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 9 more
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026