Denial of Service Vulnerability in Windows Remote Access Connection Manager by Microsoft
CVE-2026-21525
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 10 February 2026
Badges
What is CVE-2026-21525?
A vulnerability in Windows Remote Access Connection Manager has been identified, which could allow an unauthorized attacker to exploit a null pointer dereference, leading to a potential denial of service on affected systems. This flaw can disrupt the normal functionality of services reliant on remote access, effectively denying service to legitimate users. It is crucial for organizations and system administrators to be aware of this vulnerability, apply necessary patches, and implement security best practices to safeguard their infrastructure.
CISA has reported CVE-2026-21525
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-21525 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8868
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8389
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6937
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
Vulnerability published
Vulnerability Reserved