Spoofing Vulnerability in Windows Shell by Microsoft
CVE-2026-32202

4.3MEDIUM

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1607
Windows 10 Version 1809
Windows 10 Version 21h2
Windows 10 Version 22h2
Vendor
CVE Published:
14 April 2026

Badges

📈 Trended📈 Score: 4,120💰 Ransomware👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2026-32202?

CVE-2026-32202 is a spoofing vulnerability in the Windows Shell of Microsoft products. Windows Shell serves as the command-line interface and graphical user interface that allows users to interact with the Windows operating system. This particular vulnerability arises from a failure in the protection mechanisms designed to prevent unauthorized actions over a network. If exploited, an attacker could perform spoofing, masquerading as a legitimate entity. This could mislead users or systems into accepting malicious requests as valid, potentially leading to unauthorized access or manipulation of sensitive data within an organization’s infrastructure.

Potential Impact of CVE-2026-32202

  1. Unauthorized Access: Exploitation of this vulnerability can allow attackers to gain unauthorized access to systems or sensitive information, as they could trick users or applications into recognizing them as legitimate entities.

  2. Data Integrity Issues: By spoofing legitimate communications, attackers could alter data being transmitted or processed, leading to potential data corruption or loss. This could undermine the integrity of business operations and decision-making processes.

  3. Network Compromise: As the vulnerability allows spoofing over a network, it could facilitate broader attacks within an organization's infrastructure, potentially leading to further compromises, including installation of malicious software or data theft.

CISA has reported CVE-2026-32202

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-32202 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9060

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8644

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7184

News Articles

favicon imageHelp Net Security

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig

2 weeks ago

favicon imageSwapupdate

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Ravie LakshmananApr 28, 2026Vulnerability / Threat Intelligence

2 weeks ago

favicon imageComputer World

Windows shell spoofing vulnerability puts sensitive data at risk

A flaw remaining after the February patch of a zero day is already being exploited, and slow patch cycles in both government and enterprises are giving attackers the upper hand.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisorypatch

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.