Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
AnalysisAI
Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.
Technical ContextAI
Windows Shell is the core user interface layer of Microsoft Windows, responsible for the desktop environment, file system browsing, process execution, and inter-process communication surfaces. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) identifies the root cause as a failure to properly restrict access to data that should be protected - in this context, Windows Shell likely fails to enforce access controls on sensitive objects, environment variables, file paths, registry entries, or tokens it processes. The CVSS vector specifies CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating a network-reachable attack path requiring low-privilege credentials. However, the CVE description explicitly states the disclosure occurs 'locally,' which is a direct conflict with the AV:N vector - this discrepancy must be resolved with vendor confirmation before assessing remote exploitability.
RemediationAI
The primary remediation is to apply the vendor-released patch from Microsoft available via the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42907. An exact patched version number was not included in the available intelligence data; consult the MSRC advisory to confirm the specific KB article and build. If immediate patching is not feasible and the actual attack vector is confirmed as local (per the description), restrict interactive and remote login access to the affected systems to only trusted, necessary user accounts, minimizing the pool of low-privilege principals who could trigger the disclosure. If the AV:N vector is accurate and the vulnerability is remotely exploitable, consider restricting network access to Windows Shell-adjacent services (e.g., RPC endpoints, SMB, RDS) from untrusted network segments as a compensating control. Note that network segmentation is a partial mitigation only and does not substitute for patching.
More in Windows 10 1809
View allWindows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne
Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), thi
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se
Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35596
GHSA-25wx-66jf-2p4j