CVE-2026-21249

Low

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

secure@microsoft.com·CWE-73·Published 2026-02-10

CVSS

3.3

EPSS

0.11

KEV

Exploits

cve.orgen

114 chars

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

NVDen

114 chars

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

NVDes

150 chars

El control externo del nombre o la ruta del archivo en Windows NTLM permite a un atacante no autorizado realizar suplantación de identidad localmente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	3.3	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
3.1	Secondary	NVD	3.3	1.8	1.4