Microsoft Windows Shell 信息泄露漏洞

Microsoft Windows Shell is the graphical user interface of the Windows operating system developed by Microsoft. Key features of the Windows Shell include the desktop, taskbar, start menu, task switcher, and auto-play functions. In some versions of Windows, features like Flip 3D and Charm are also...

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability

About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...

CVE-2026-28391

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the gateway.cmd script generation. An attacker can execute arbitrary commands by supplying specially crafted environment variable values containing Windows shell...

GHSA-7FCC-CW49-XM78 OpenClaw has command injection via Windows shell fallback in Lobster tool execution

Summary The Lobster extension tool execution path used a Windows shell fallback shell: true after spawn failures EINVAL/ENOENT. In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

PT-2026-26240

Summary The Lobster extension tool execution path used a Windows shell fallback shell: true after spawn failures EINVAL/ENOENT. In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft releases important security updates on the second Tuesday of every month, known as “Patch Tuesday.” This month’s update patches fix 59 Microsoft CVE’s including six zero-days. Let’s have a quick look at these six actively exploited zero-days. Windows Shell Security Feature Bypass...

Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2026, which includes 59 vulnerabilities affecting a range of products, including two that Microsoft marked as "Critical". CVE-2026-21522 is a critical elevation of privilege vulnerability affecting Microsoft ACI Confidential...

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild. Zero-day 1 this month is CVE-2026-21510, a security feature...

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-21510

CVE-2026-21510 is a Windows Shell security feature bypass vulnerability (Protection Mechanism Failure) that can allow remote code execution by bypassing SmartScreen prompts and shell warnings. Affected component: Windows Shell (explorer.exe) and related UI elements. Exploitation requires social e...

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-21510 Windows Shell Security Feature Bypass Vulnerability

...

Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

PT-2026-7396

Name of the Vulnerable Software and Affected Versions Windows Shell affected versions not specified Description A protection mechanism failure in the Windows Shell allows an unauthorized remote attacker to bypass security features, specifically the Windows SmartScreen mechanism and Windows Shell...

VulnCheck KEV: CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...