CVE-2026-21510

HIGH KEV

Microsoft Windows Shell - Protection Mechanism Failure

Exploitation Summary

CVE-2026-21510 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 10, 2026. EIP tracks 6 public exploits from researchers including XiaomingX, adminlove520, and ChaitanyaHaritash.

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Exploits (6)

github WORKING POC 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-21510

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for WordPress admin credentials and hashes.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Quiz Maker <= 6.7.0.56
No auth needed
Prerequisites: target WordPress URL · path to quiz page · vulnerable header (default: X-Forwarded-For)
devstral-2 · analyzed Feb 27, 2026

github WORKING POC 4 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-21510

This repository contains a functional exploit PoC for CVE-2026-21510, a Windows ShellLink Remote Code Execution vulnerability. The code generates malicious .LNK files with obfuscation, encryption, and anti-forensic techniques to exploit the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Windows ShellLink (MS-SHLLINK)
No auth needed
Prerequisites: Python 3.10+ · pycryptodome library · target system with vulnerable Windows ShellLink implementation
devstral-2 · analyzed Jun 02, 2026

github WORKING POC 3 stars
by ChaitanyaHaritash · python · poc
https://github.com/ChaitanyaHaritash/CVE-2026-21514_CVE-2026-21510

This repository contains functional exploit code for CVE-2026-21510 and CVE-2026-21514, focusing on RTF and LNK file generation to bypass Protected View and achieve RCE. The scripts demonstrate technical details of the exploit chain, including obfuscation and payload delivery mechanisms.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office (specific version not specified)
No auth needed
Prerequisites: Network access to a controlled server hosting the malicious LNK file · Victim interaction to open the crafted RTF document
devstral-2 · analyzed May 17, 2026

nomisec WRITEUP 1 star
by andreassudo · poc
https://github.com/andreassudo/CVE-2026-21510-CVSS-8.8-Important-Windows-Shell-security-feature-bypass

This repository contains a detailed writeup for CVE-2026-21510, a Windows Shell security feature bypass vulnerability. It describes the vulnerability, impact, affected systems, and mitigation steps but does not include exploit code.

Classification: Writeup 100%
Attack Type: Other
Complexity: N/A
Reliability: N/A
Target: Windows Shell (explorer.exe and associated libraries)
No auth needed
Prerequisites: User interaction (clicking a malicious link or shortcut)
devstral-2 · analyzed Feb 16, 2026

github WRITEUP
by XZ1r0 · python · poc
https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/windows/CVE-2026-21510-CVSS-8.8-Important-Windows-Shell-security-feature-bypass

This repository provides a detailed technical analysis of CVE-2026-21510, a Windows Shell security feature bypass vulnerability. It includes impact assessment, affected systems, mitigation steps, and references, but lacks actual exploit code.

Classification: Writeup 95%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Windows Shell (Windows 10, 11, Server 2016-2025)
No auth needed
Prerequisites: User interaction (clicking malicious link/shortcut)
devstral-2 · analyzed May 21, 2026

github WORKING POC
by EpSiLoNPoInTOrI · python · poc
https://github.com/EpSiLoNPoInTOrI/EpSiLoNPoInTlnk

This repository contains a functional Python tool for generating malicious .LNK files exploiting CVE-2026-21510, a Windows ShellLink Remote Code Execution vulnerability. It includes advanced obfuscation, payload embedding, and anti-forensic techniques.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Windows ShellLink (CVE-2026-21510)
No auth needed
Prerequisites: Python ≥ 3.10 · pycryptodome library · Windows/Linux/macOS for generation
devstral-2 · analyzed May 09, 2026

Scores

CVSS v3 8.8
EPSS 0.0714
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-02-10
VulnCheck KEV 2026-02-10
ENISA EUVD EUVD-2026-7337
CWE CWE-693
Status published
Products (36)
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.8868
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.8389
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.6937
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.6937
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6649
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6649
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.7840
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.7840
Microsoft/Windows 11 version 26H1 10.0.28000.0 - 10.0.28000.1575
Microsoft/Windows 11 Version 26H1 10.0.28000.0 - 10.0.28000.1575
... and 26 more
Published Feb 10, 2026
KEV Added Feb 10, 2026
Tracked Since Feb 18, 2026