CVE-2026-21223 — Vulnetix

CVE-2026-21223 PUBLISHED CVSS 7.099999904632568 HIGH

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.

EPSS 0.03% · 8.4th percentile

Risk Scores

CVSS 3.1

7.099999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

EPSS Score

0.03%

8.4th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Edge (Chromium-based)	1.0.0.0, 1.0.0.0
microsoft	edge_chromium	0, 1.0.0.0, 0

Exploit Intelligence

https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
CIRCL seen: CVE-2026-21223 (circl-sighting)
CIRCL seen: CVE-2026-21223 (circl-sighting)
CIRCL seen: CVE-2026-21223 (circl-sighting)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (circl)

Timeline

Jan 13, 2026 CVE Published
Jan 16, 2026 PoC Published
Jan 17, 2026 EPSS Score
Jan 17, 2026 PoC Published
Jan 19, 2026 PoC Published
Jan 20, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 6, 2026 EPSS Score

References

Open in Interactive Console →