Microsoft
CVE-2026-21525
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
AnalysisAI
Windows Remote Access Connection Manager contains a null pointer dereference flaw affecting Windows 10 (versions 1809 and 21h2) and Windows 11 (version 23h2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service condition without requiring authentication or user interaction. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-476 (NULL Pointer Dereference). Affects Windows 10 1607. Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today