CVE-2021-26414

MEDIUM

Windows DCOM - Privilege Escalation

Title source: llm

Description

Windows DCOM Server Security Feature Bypass

Exploits (1)

nomisec WORKING POC

by Nels2 · poc

https://github.com/Nels2/dcom_10036_Solver

View Code ZIP pw:eip

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html

Scores

CVSS v3 4.8

EPSS 0.0957

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

Status published

Products (19)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 20h2 (3 CPE variants)

microsoft/windows_10 21h1 (3 CPE variants)

microsoft/windows_10 21h2 (3 CPE variants)

microsoft/windows_10 1809 (3 CPE variants)

microsoft/windows_10 1909 (3 CPE variants)

microsoft/windows_10 2004 (3 CPE variants)

microsoft/windows_7 (2 CPE variants)

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 9 more

Published Jun 08, 2021

Tracked Since Feb 18, 2026