CVE-2026-21251
published 2026-02-10CVE-2026-21251: Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2016 | < 10.0.14393.8868 | 10.0.14393.8868 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8868 | 10.0.14393.8868 |
| microsoft | windows_server_2019 | < 10.0.17763.8389 | 10.0.17763.8389 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.8389 | 10.0.17763.8389 |
| microsoft | windows_server_2022 | < 10.0.20348.4711 | 10.0.20348.4711 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4773 | 10.0.20348.4773 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2149 | 10.0.25398.2149 |
| microsoft | windows_server_2025 | < 10.0.26100.32313 | 10.0.26100.32313 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32370 | 10.0.26100.32370 |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |