CVE-2026-21237
HIGHWindows Subsystem for Linux - Privilege Escalation
Title source: llmDescription
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
Scores
CVSS v3
7.0
EPSS
0.0002
EPSS Percentile
4.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-416
CWE-362
Status
published
Affected Products (15)
microsoft/windows_10_21h2
< 10.0.19044.6937
microsoft/windows_10_21h2
< 10.0.19044.6937
microsoft/windows_10_21h2
< 10.0.19044.6937
microsoft/windows_10_22h2
< 10.0.19045.6937
microsoft/windows_10_22h2
< 10.0.19045.6937
microsoft/windows_10_22h2
< 10.0.19045.6937
microsoft/windows_11_23h2
< 10.0.22631.6649
microsoft/windows_11_23h2
< 10.0.22631.6649
microsoft/windows_11_24h2
< 10.0.26100.7781
microsoft/windows_11_24h2
< 10.0.26100.7781
microsoft/windows_11_25h2
< 10.0.26200.7781
microsoft/windows_11_25h2
< 10.0.26200.7781
microsoft/windows_server_2022
< 10.0.20348.4711
microsoft/windows_server_2022_23h2
< 10.0.25398.2149
microsoft/windows_server_2025
< 10.0.26100.32313
Timeline
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026