CVE-2021-26415
HIGH
Windows Installer - Elevation of Privilege via Improper Input Validation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-26415. PoCs published by adenkiewicz.
AI-analyzed exploit summary
This repository references a PoC for CVE-2021-26415, a local privilege escalation vulnerability in Windows, leveraging symbolic link manipulation via the BaitAndSwitch tool. It points to an external blog post for technical details and a GitHub repo for the compiled exploit.
Description
Windows Installer Elevation of Privilege Vulnerability
Exploits (1)
nomisec
WRITEUP
4 stars
by adenkiewicz · poc
https://github.com/adenkiewicz/CVE-2021-26415
Classification
Writeup 80%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target:
Microsoft Windows
Auth required
Prerequisites:
Local access to the target system · Ability to execute arbitrary code
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26415
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-409/
Scores
CVSS v3
7.8
EPSS
0.0357
EPSS Percentile
87.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (19)
microsoft/windows_10
microsoft/windows_10 20h2
microsoft/windows_10 1607
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 9 more
Published
Apr 13, 2021
Tracked Since
Feb 18, 2026