CVE-2021-43226
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Popular PoC on GitHub (2 stars) — exploitation code widely available.
CVSS 7.8EPSS 3.1%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
15 Dec 2021Published on NVD
30 Oct 2023Public PoC
06 Oct 2025Active exploitation (CISA KEV)
Weaponization speed
683 daysto first PoC
1390 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Windows' Common Log File System Driver allows a local attacker to gain higher privileges on the system. An authenticated user can exploit this to run malicious code with elevated permissions.
Technical detail
A privilege escalation vulnerability in the CLFS driver can be exploited by a local attacker with user-level access to execute arbitrary code with kernel privileges. The attack requires local code execution as a prerequisite and results in complete system compromise via kernel-level access.
Summary generated and translated by AI from the official description.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 1909Microsoft · Windows 10 Version 2004Microsoft · Windows 10 Version 20H2Microsoft · Windows 10 Version 21H1Microsoft · Windows 10 Version 21H2Microsoft · Windows 11 version 21H2Microsoft · Windows 7Microsoft · Windows 7 Service Pack 1Microsoft · Windows 8.1Microsoft · Windows Server 2008 R2 Service Pack 1Microsoft · Windows Server 2008 R2 Service Pack 1 (Server Core installation)Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2 (Server Core installation)Microsoft · Windows Server 2012Microsoft · Windows Server 2012 R2Microsoft · Windows Server 2012 R2 (Server Core installation)Microsoft · Windows Server 2012 (Server Core installation)Microsoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022Microsoft · Windows Server version 2004Microsoft · Windows Server version 20H2public PoCs found — 2
githubgithub.com/Rosayxy/cve-2021-43226PoC★ 2vulncheckvulncheck.com/xdb/d3b41461a7f7unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.