Spoofing Vulnerability in Windows Shell by Microsoft
CVE-2026-32202

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1607; Windows 10 Version 1809; Windows 10 Version 21h2; Windows 10 Version 22h2
Vendor: CVE Published:; 14 April 2026

Badges

🔥 Trending now📈 Trended📈 Score: 1,950👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2026-32202?

CVE-2026-32202 is a spoofing vulnerability in the Windows Shell of Microsoft products. Windows Shell serves as the command-line interface and graphical user interface that allows users to interact with the Windows operating system. This particular vulnerability arises from a failure in the protection mechanisms designed to prevent unauthorized actions over a network. If exploited, an attacker could perform spoofing, masquerading as a legitimate entity. This could mislead users or systems into accepting malicious requests as valid, potentially leading to unauthorized access or manipulation of sensitive data within an organization’s infrastructure.

Potential Impact of CVE-2026-32202

Unauthorized Access: Exploitation of this vulnerability can allow attackers to gain unauthorized access to systems or sensitive information, as they could trick users or applications into recognizing them as legitimate entities.
Data Integrity Issues: By spoofing legitimate communications, attackers could alter data being transmitted or processed, leading to potential data corruption or loss. This could undermine the integrity of business operations and decision-making processes.
Network Compromise: As the vulnerability allows spoofing over a network, it could facilitate broader attacks within an organization's infrastructure, potentially leading to further compromises, including installation of malicious software or data theft.

CISA has reported CVE-2026-32202

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-32202 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

This is an advertDeploy the Patch

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9060

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8644

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7184

News Articles

The Hacker News

CVE-2026-32202

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.

17 hours ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📈
Vulnerability started trending
Apr 28, 2026
👾
Exploit known to exist
Apr 28, 2026
🦅
CISA Reported
Apr 28, 2026
📰
First article discovered by The Hacker News
Apr 28, 2026
Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32202 Data

JSON

Microsoft