CVE-2026-21222

5.5 MEDIUM

📋 TL;DR

The Windows Kernel writes sensitive information to log files. An authenticated attacker with local access could read these logs to obtain confidential data. This affects Windows systems where kernel logging is enabled.

💻 Affected Systems

Products:
  • Windows Kernel
Versions: Specific versions not yet detailed in public advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022
Default Config Vulnerable: ⚠️ Yes
Notes: Requires kernel logging to be enabled. The exact affected Windows versions will be specified in Microsoft's official advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains access to sensitive kernel memory contents, credentials, or encryption keys that could lead to privilege escalation or lateral movement.

🟠 Likely Case

Local authenticated user reads kernel logs containing debugging information, memory addresses, or configuration details that could aid further attacks.

🟢 If Mitigated

With proper access controls and log file permissions, impact is limited to information disclosure with no direct code execution.

🌐 Internet-Facing: LOW - This requires local access to the system, not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this to gather sensitive information for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and the ability to read kernel log files. No public exploit code is available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not yet released

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222

Restart Required: Yes

Instructions:

1. Monitor Microsoft Security Response Center for patch release.
2. Apply Windows Update when available.
3. Restart system after patch installation.

🔧 Temporary Workarounds

Restrict Kernel Log File Access

Set strict permissions on kernel log files to prevent unauthorized reading

icacls C:\Windows\System32\LogFiles\Kernel\* /inheritance:r /grant:r "SYSTEM:(F)" "Administrators:(R)"

Disable Unnecessary Kernel Logging

Reduce kernel logging verbosity to minimize sensitive information exposure

wevtutil sl Microsoft-Windows-Kernel-General /e:false

🧯 If You Can't Patch

  • Implement strict access controls on log directories and files
  • Monitor for unusual access patterns to kernel log files

🔍 How to Verify

Check if Vulnerable:

Check if kernel logging is enabled and log files contain sensitive information

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

After patch installation, verify Windows Update history shows the security update applied

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to kernel log files
  • Failed attempts to access restricted log directories

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

EventID=4663 AND ObjectName LIKE '%\Windows\System32\LogFiles\Kernel%' AND AccessMask IN ('0x10000', '0x120089')
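
The filter above, applied offline to exported Security events, as an added example that is not taken from the vendor advisory. It goes one step beyond the query by dropping subjects on an allow-list, so that only unexpected readers remain; the allow-list contents, the sample file name, the SID and the event records are assumptions constructed for illustration.

```python
# Added example (not vendor code): the page's SIEM filter applied to exported
# Security events, plus an allow-list so only unexpected readers are reported.
from collections import Counter

KERNEL_LOG_DIR = r"\windows\system32\logfiles\kernel"  # path from the page's query
WATCHED_MASKS = {0x10000, 0x120089}                     # masks from the page's query
EXPECTED_SIDS = {"S-1-5-18"}  # assumption: only LocalSystem should touch these files


def unexpected_accesses(events, expected_sids=EXPECTED_SIDS):
    """Return 4663 events on the kernel log path from subjects not allow-listed."""
    hits = []
    for ev in events:
        if int(ev.get("EventID", 0)) != 4663:
            continue
        if KERNEL_LOG_DIR not in ev.get("ObjectName", "").lower():
            continue  # case-insensitive equivalent of the LIKE '%...%' match
        try:
            mask = int(ev.get("AccessMask", ""), 16)  # field is a hex string
        except ValueError:
            continue  # malformed record: skip rather than abort the whole run
        if mask in WATCHED_MASKS and ev.get("SubjectUserSid") not in expected_sids:
            hits.append(ev)
    return hits


def by_subject_and_process(hits):
    """Count hits per (user, process) so repeated access stands out."""
    return Counter((h["SubjectUserName"], h["ProcessName"]) for h in hits)


def make_event(eid, sid, user, obj, mask, proc=r"C:\Windows\System32\cmd.exe"):
    return {"EventID": eid, "SubjectUserSid": sid, "SubjectUserName": user,
            "ObjectName": obj, "AccessMask": mask, "ProcessName": proc}


USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1104"  # constructed SID
LOG_PATH = r"C:\Windows\System32\LogFiles\Kernel\sample.log"  # constructed file name
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    make_event(4663, "S-1-5-18", "SYSTEM", LOG_PATH, "0x120089"),  # expected reader
    make_event(4663, USER_SID, "jdoe", LOG_PATH, "0x120089"),      # flagged
    make_event(4663, USER_SID, "jdoe", LOG_PATH, "0x10000"),       # flagged
    make_event(4663, USER_SID, "jdoe", r"C:\Users\jdoe\a.txt", "0x120089"),  # other path
    make_event(4663, USER_SID, "jdoe", LOG_PATH, "0x2"),           # mask not in query
    make_event(4656, USER_SID, "jdoe", LOG_PATH, "0x120089"),      # different event ID
    make_event(4663, USER_SID, "jdoe", LOG_PATH, "n/a"),           # malformed mask
]

if __name__ == "__main__":
    for (user, proc), n in by_subject_and_process(unexpected_accesses(SAMPLE_EVENTS)).items():
        print(f"{user} via {proc}: {n} access(es)")
```

Event 4663 is only recorded when file-system object access auditing is enabled and the log directory carries an auditing SACL, so an empty result can mean missing telemetry as well as no access.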
