CVEFinder.io

CVE-2026-21530

🔶 medium
🔍 Scan for this CVE
Summary

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVSS Score
6.7
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.9% of all 321,566 vulnerabilities in our database.

#164,380
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-415

📦 Affected Products 15

Vendor Product Status Affected Versions
microsoft windows_server_2012 Affected
v-
microsoft windows_server_2012 Affected
vr2
microsoft windows_server_2016 Affected
< 10.0.14393.9140
microsoft windows_server_2019 Affected
< 10.0.17763.8755
microsoft windows_server_2022 Affected
< 10.0.20348.5139
microsoft windows_10_1809 Affected
< 10.0.17763.8755
microsoft windows_10_21h2 Affected
< 10.0.19044.7291
microsoft windows_10_22h2 Affected
< 10.0.19045.7291
microsoft windows_10_1607 Affected
< 10.0.14393.9140
microsoft windows_11_23h2 Affected
< 10.0.22631.7079
microsoft windows_server_2022_23h2 Affected
< 10.0.25398.2330
microsoft windows_11_24h2 Affected
< 10.0.26100.8390
microsoft windows_server_2025 Affected
< 10.0.26100.32860
microsoft windows_11_25h2 Affected
< 10.0.26200.8457
microsoft windows_11_26h1 Affected
< 10.0.28000.2113

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-32161 ⚠️ high 7.5 0.1 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Minip... 2026-05-12
CVE-2026-32170 🔶 medium 6.7 0.1 Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32209 🔶 medium 4.4 0.0 Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature l... 2026-05-12
CVE-2026-33834 ⚠️ high 7.8 0.0 Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-33837 ⚠️ high 7.8 0.1 Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-33838 ⚠️ high 7.8 0.1 Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. 2026-05-12
These CVEs affect the same products