cbcvebase.
CVE-2026-21242
published 2026-02-10

CVE-2026-21242: Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Affected

32 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_21h2< 10.0.19044.693710.0.19044.6937
microsoftwindows_10_22h2< 10.0.19045.693710.0.19045.6937
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.693710.0.19044.6937
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.693710.0.19045.6937
microsoftwindows_11_23h2< 10.0.22631.664910.0.22631.6649
microsoftwindows_11_24h2< 10.0.26100.778110.0.26100.7781
microsoftwindows_11_25h2< 10.0.26200.778110.0.26200.7781
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.664910.0.22631.6649
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.664910.0.22631.6649
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.784010.0.26100.7840
microsoftwindows_11_version_25h2>= 10.0.26200.0 < 10.0.26200.784010.0.26200.7840
microsoftwindows_11_version_26h1>= 10.0.28000.0 < 10.0.28000.157510.0.28000.1575
microsoftwindows_server_2022< 10.0.20348.471110.0.20348.4711
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.477310.0.20348.4773
microsoftwindows_server_2022_23h2< 10.0.25398.214910.0.25398.2149
microsoftwindows_server_2025< 10.0.26100.3231310.0.26100.32313
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.3237010.0.26100.32370
msrcwindows_10_version_21h2_for_arm64-based_systems
msrcwindows_10_version_21h2_for_x64-based_systems
msrcwindows_10_version_22h2_for_arm64-based_systems
msrcwindows_10_version_22h2_for_x64-based_systems
msrcwindows_11_version_23h2_for_arm64-based_systems
msrcwindows_11_version_23h2_for_x64-based_systems
msrcwindows_11_version_24h2_for_arm64-based_systems
msrcwindows_11_version_24h2_for_x64-based_systems