CVE-2026-21237Race Condition in Microsoft Windows 10 Version 21h2

CWE-362Race ConditionCWE-416Use After Free5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 90.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2Microsoft Windows 11 Version 22h3+12 more
Timeline
PublishedFeb 10

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages15 packages

NVDmicrosoft/windows< 10.0.20348.4711+2
NVDmicrosoft/windows_10_21h2< 10.0.19044.6937
NVDmicrosoft/windows_10_22h2< 10.0.19045.6937
NVDmicrosoft/windows_11_23h2< 10.0.22631.6649
NVDmicrosoft/windows_11_24h2< 10.0.26100.7781

🔴Vulnerability Details

2
CVEList
Windows Subsystem for Linux Elevation of Privilege Vulnerability2026-02-10
GHSA
GHSA-5rxv-pj8f-g3gq: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attack2026-02-10

📋Vendor Advisories

1
Microsoft
Windows Subsystem for Linux Elevation of Privilege Vulnerability2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2026-21237 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21237 — Race Condition in Microsoft | cvebase