CVE-2026-21533

HIGH Actively Exploited

Windows Remote Desktop Services Elevation of Privilege Vulnerability

CVSS v3: 7.8 (HIGH)

EPSS Score: 20.2% (exploit probability)

CISA KEV (known exploited): No

Exploitation (SSVC status): active

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Technical Details

CVSS v3 Vector: 3.1
Published: 2/10/2026
Last Modified: 3/30/2026

Frequently Asked Questions

What is CVE-2026-21533?

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Is CVE-2026-21533 actively exploited?

Yes. CVE-2026-21533 has been observed in active exploitation according to SSVC analysis.

What is the CVSS score for CVE-2026-21533?

CVE-2026-21533 has a CVSS v3 base score of 7.8 (HIGH severity), with vector string 3.1.
