Description
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
Published: 2026-02-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

An authenticated local user can exploit a use-after-free condition in the Cluster Client Failover component on Microsoft Windows Server to execute code with elevated privileges. The vulnerability stems from improper memory management (CWE-416): memory is used after it has been freed, which can let the attacker overwrite control data and gain privileges beyond the original user context. Because the attack vector is local, no network or remote access is required; a successful exploit permits actions such as installing software, modifying configurations, or accessing sensitive data.

Affected Systems

Microsoft Windows Server 2016, 2019, 2022, the 2022 23H2 edition, and 2025 (both standard and Server Core installations) are known to be affected. All listed Server editions contain the vulnerable Cluster Client Failover component.

Risk and Exploitability

The vulnerability carries a CVSS v3.1 score of 7.8, indicating high severity. The EPSS score is below 1%, reflecting a low probability of exploitation at this time, and the issue is not currently listed in the CISA KEV catalog. The attack vector is local: an attacker who already holds legitimate access to the system can trigger the use-after-free, so the risk is most significant in environments where clustering is enabled on servers.

Generated by OpenCVE AI on April 15, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update that addresses CVE-2026-21251
  • Disable the Cluster Client Failover service on servers where clustering is not required
  • Limit local user privileges to the minimum level needed for their role to reduce the potential impact of a local privilege escalation


Advisories

No advisories yet.

History

Thu, 26 Feb 2026 17:15:00 +0000

Type            Values Removed   Values Added
Metrics ssvc    (none)           {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 12:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Microsoft windows Server 2016 (server Core Installation)
                                       Microsoft windows Server 2019 (server Core Installation)
                                       Microsoft windows Server 2022, 23h2 Edition (server Core Installation)
                                       Microsoft windows Server 2025 (server Core Installation)
Vendors & Products    (none)           Microsoft windows Server 2016 (server Core Installation)
                                       Microsoft windows Server 2019 (server Core Installation)
                                       Microsoft windows Server 2022, 23h2 Edition (server Core Installation)
                                       Microsoft windows Server 2025 (server Core Installation)

Wed, 11 Feb 2026 19:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Microsoft windows Server 2022 23h2
CPEs                  (none)           cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products    (none)           Microsoft windows Server 2022 23h2

Tue, 10 Feb 2026 18:15:00 +0000

Type                  Values Removed   Values Added
Description           (none)           Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
Title                 (none)           Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
First Time appeared   (none)           Microsoft
                                       Microsoft windows Server 2016
                                       Microsoft windows Server 2019
                                       Microsoft windows Server 2022
                                       Microsoft windows Server 2025
                                       Microsoft windows Server 23h2
Weaknesses            (none)           CWE-416
CPEs                  (none)           cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
                                       cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
                                       cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
                                       cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
                                       cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products    (none)           Microsoft
                                       Microsoft windows Server 2016
                                       Microsoft windows Server 2019
                                       Microsoft windows Server 2022
                                       Microsoft windows Server 2025
                                       Microsoft windows Server 23h2
References            (none)           (none)
Metrics cvssV3_1      (none)           {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-10T13:21:26.811Z

Reserved: 2025-12-11T21:02:05.736Z

Link: CVE-2026-21251

Vulnrichment

Updated: 2026-02-25T15:42:54.464Z

NVD

Status : Analyzed

Published: 2026-02-10T18:16:26.840

Modified: 2026-02-11T19:42:34.007

Link: CVE-2026-21251

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T17:45:10Z

Weaknesses