Tracked as CVE-2026-21510, this security flaw allows remote attackers to bypass essential protection mechanisms, putting millions of Windows users at risk.
The vulnerability is classified as a “Security Feature Bypass” with a CVSS score of 8.8 (Important). It resides in how Windows Shell handles certain file types.
Normally, Windows uses features like SmartScreen and user prompts to warn you before running potentially dangerous files from the internet, a concept known as the “Mark of the Web.”
By exploiting CVE-2026-21510, attackers can create specially crafted files (such as malicious shortcuts or links) that evade these checks entirely.
If a user is tricked into clicking such a link, the attacker’s malicious code can execute immediately without any warning dialogs or consent prompts appearing on the screen.
This effectively bypasses the “authentication” step, where the user approves the execution of untrusted software.
The flaw affects a vast range of Microsoft products, spanning both modern and older systems. According to the release data, the vulnerable versions include:
| Product Family | Affected Versions |
|---|---|
| Windows 10 | Versions 1607, 1809, 21H2, 22H2 |
| Windows 11 | Versions 23H2, 24H2, 25H2, 26H1 |
| Windows Server | 2012, 2012 R2, 2016, 2019, 2022, 2025 |
Microsoft has confirmed that this vulnerability allows attackers to run unauthorized content as if it were trusted.
Because this vulnerability is actively exploited (a 0-day), administrators and users must patch their systems immediately.
Update Now: Go to Settings > Windows Update and check for updates released on February 10, 2026.
Watch for Links: Be extra cautious when clicking links or opening shortcut files from unknown sources, even if they appear harmless, until the patch is applied.
The discovery of this flaw was credited to researchers from the Microsoft Threat Intelligence Center (MSTIC) and the Google Threat Intelligence Group, highlighting the severity and cross-industry attention this issue has received.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.
Nintendo has dropped a surprise update for Super Mario Galaxy 2 that adds a new…
It’s been nearly three years since Mortal Kombat 1 came out, but developer NetherRealm has…
The Simpsons has mocked or referenced literature over its many seasons, usually through a book…
A new and more dangerous type of malware is quietly targeting Windows users by hiding…
A new and more dangerous type of malware is quietly targeting Windows users by hiding…
SonicWall has released a security advisory addressing three vulnerabilities in its SonicOS software. Discovered by…
This website uses cookies.