CVE-2026-21250

High

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

secure@microsoft.com·CWE-822·Published 2026-02-10

CVSS

7.8

EPSS

0.01

KEV

Exploits

cve.orgen

110 chars

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

NVDen

110 chars

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

NVDes

121 chars

Desreferencia de puntero no confiable en Windows HTTP.sys permite a un atacante autorizado elevar privilegios localmente.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
3.1	Secondary	NVD	7.8	1.8	5.9