Privilege Escalation Vulnerability in Microsoft Windows Cluster Client Failover
CVE-2026-21251

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2016; Windows Server 2016 (server Core Installation); Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 10 February 2026

What is CVE-2026-21251?

A vulnerability in Windows Cluster Client Failover could allow an authorized attacker to exploit a use after free scenario, potentially granting them the ability to elevate their privileges locally. This issue, if exploited, can compromise system integrity and security, highlighting the need for prompt patching and addressing cybersecurity hygiene.

Affected Version(s)

Windows Server 2016 (Server Core installation) x64-based Systems 10.0.14393.0 < 10.0.14393.8868

Windows Server 2016 x64-based Systems 10.0.14393.0 < 10.0.14393.8868

Windows Server 2019 (Server Core installation) x64-based Systems 10.0.17763.0 < 10.0.17763.8389

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21251 Data

JSON