Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
AnalysisAI
Windows Shell information disclosure vulnerability (CVE-2026-32151) allows authenticated network attackers to read sensitive data without authorization. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2012-2025, and associated Server Core installations. Microsoft has released vendor patches for all affected versions; exploitation requires valid credentials and network access but no user interaction.
Technical ContextAI
The vulnerability resides in Windows Shell (the core component managing file system operations, user interface, and system services across Windows NT-based operating systems) and is classified as an information disclosure flaw under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The root cause involves improper access controls or validation mechanisms within Shell's data handling logic, permitting authenticated users to bypass confidentiality controls and retrieve information they should not have access to. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H) confirms that exploitation is network-exploitable with low complexity, requires valid authentication credentials, and has high impact on confidentiality. The scope remains unchanged, meaning the attacker cannot escalate privileges or affect system availability-only data disclosure is possible. Windows Shell is present in all Windows consumer and server editions, making the affected product range extremely broad (Windows 10 build 14393-19045, Windows 11 builds 22631-28000, Windows Server 2012 through 2025).
RemediationAI
Patch available from vendor: apply Microsoft security updates immediately to all affected Windows installations using Windows Update, WSUS, or manual patch deployment. For Windows 10, upgrade to or apply cumulative updates for versions 1607 (build 14393.9060 or later), 1809 (10.0.17763.8644 or later), 21H2 (10.0.19044.7184 or later), or 22H2 (10.0.19045.7184 or later). For Windows 11, update to versions 22H3 (10.0.22631.6936 or later), 23H2 (10.0.22631.6936 or later), 24H2 (10.0.26100.32690 or later), 25H2 (10.0.26200.8246 or later), or 26H1 (10.0.28000.1836 or later). For Windows Server, apply patches to 2012 (6.2.9200.26026 or later), 2012 R2 (6.3.9600.23132 or later), 2016 (10.0.14393.9060 or later), 2019 (10.0.17763.8644 or later), 2022 (10.0.20348.5020 or later, or 23H2 10
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22536
GHSA-rc9f-gg7h-hc56