Windows NTLM Spoofing Vulnerability in Microsoft Products
CVE-2026-21249

3.3LOW

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 26h1; Windows 11 Version 26h1; Windows 10 Version 1809; Windows Server 2019
Vendor: CVE Published:; 10 February 2026

What is CVE-2026-21249?

The Windows NTLM spoofing vulnerability enables attackers to gain unauthorized local access by manipulating file names or paths. By exploiting this weakness, attackers can craft malicious inputs that lead to authentication spoofing, potentially compromising sensitive information and system integrity. It is essential for users to apply the recommended patches from Microsoft to safeguard against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8868

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8389

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6937

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Dec 11, 2025

JSON

Microsoft