{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T05:03:47.472","vulnerabilities":[{"cve":{"id":"CVE-2026-21223","sourceIdentifier":"secure@microsoft.com","published":"2026-01-16T22:16:25.983","lastModified":"2026-02-22T17:16:54.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally."},{"lang":"es","value":"El Servicio de Elevación de Microsoft Edge expone una interfaz COM privilegiada que valida de forma inadecuada los privilegios del proceso llamador. Un usuario local estándar (no administrador) puede invocar el método de interfaz IElevatorEdge LaunchUpdateCmdElevatedAndWait, haciendo que el servicio ejecute comandos de actualización privilegiados como LocalSystem.\nEsto permite a un no administrador habilitar o deshabilitar la Seguridad Basada en Virtualización (VBS) de Windows modificando claves de registro de sistema protegidas bajo HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard. Deshabilitar VBS debilita protecciones críticas de la plataforma como Credential Guard, la Integridad de Código Protegida por Hipervisor (HVCI) y el kernel seguro, lo que resulta en una omisión de característica de seguridad."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":2.5}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"144.0.3719.82","matchCriteriaId":"004B4A9D-AEC7-40B6-9C4D-A249AF5EB048"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}}]}