Exposures › CVE-2026-32202
Microsoft Windows Shell allows network spoofing via a protection mechanism failure, enabling attackers to bypass authentication and execute commands.
This vulnerability allows an unauthorized attacker to perform spoofing over a network, potentially bypassing authentication mechanisms and executing commands on Windows systems. For DIB organizations, this poses a significant risk as it can lead to unauthorized access and data breaches, requiring immediate patching and network segmentation to mitigate exposure.
Shame score — While the vulnerability is actively exploited, it is not a zero-day and does not involve default credentials or negligence, making it a moderate embarrassment.
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |