CVE-2026-21234

CWE-362Race Condition5 documents5 sources
Severity
7.0HIGH
EPSS
0.0%
top 90.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2+17 more
Timeline
PublishedFeb 10

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages20 packages

NVDmicrosoft/windows< 10.0.17763.8389+3
NVDmicrosoft/windows_10_1809< 10.0.17763.8389
NVDmicrosoft/windows_10_21h2< 10.0.19044.6937
NVDmicrosoft/windows_10_22h2< 10.0.19045.6937
NVDmicrosoft/windows_11_23h2< 10.0.22631.6649

🔴Vulnerability Details

2
GHSA
GHSA-545g-3772-4wwv: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an au2026-02-10
CVEList
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability2026-02-10

📋Vendor Advisories

1
Microsoft
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2026-21234 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21234 (HIGH CVSS 7) | Concurrent execution using shared r | cvebase.io