Critical active threat
CVE-2026-21519 Microsoft Windows Type Confusion
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Potential privilege escalation to admin/root
Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.