CVE-2026-32202
Is CVE-2026-32202 real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
NVD only has a brief summary for this one — the community fills in the real-world detail below.
Community ground truth
Community verdict
2 verdicts. Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Practitioners rate this higher than its CVSS — treat with extra caution.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- Microsoft Windows Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. Listed in the CISA KEV catalog (added 2026-04-28) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~20%. Treat it as real and prioritize remediation over triage.
- Required action for Microsoft Windows: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2026-05-12. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-693.
- CVE-2013-2465 (CVSS 9.8, KEV, EPSS 99%)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
- CVE-2024-21412 (CVSS 8.1, KEV, EPSS 95%)
Internet Shortcut Files Security Feature Bypass Vulnerability
- CVE-2013-0431 (CVSS 5.3, KEV, EPSS 90%)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
- CVE-2025-40536 (CVSS 8.1, KEV, EPSS 82%)
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
- CVE-2019-1003030 (CVSS 9.9, KEV, EPSS 76%)
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
- CVE-2025-0411 (CVSS 7, KEV, EPSS 66%)
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.