{
  "title": "Windows Shell CVE-2026-32202 KEV: Zero-Click NTLM Coercion",
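  "summary": "CVE-2026-32202 is an actively exploited Windows Shell protection-mechanism failure that Akamai traced to an incomplete patch for an APT28 LNK exploit chain; the flaw allows zero-click NTLM authentication coercion when Explorer renders a malicious shortcut. The domains and URLs recorded under indicators are the cited reference sources (Akamai, CISA, NVD), not attacker infrastructure.",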
  "date": "2026-05-27",
  "severity": "high",
  "tags": [
    "microsoft",
    "windows",
    "zero-day",
    "cisa-kev",
    "credential-theft"
  ],
  "sources_count": 5,
  "indicators": {
    "slug": "windows-shell-cve-2026-32202-kev",
    "since": "2026-05-27T00:00:00Z",
    "until": "2026-05-27T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-32202",
      "CVE-2026-21510",
      "CVE-2026-21513"
    ],
    "cwes": [],
    "advisoryIds": [],
    "products": [
      "Windows Shell"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.akamai.com",
      "www.cisa.gov",
      "nvd.nist.gov"
    ],
    "urls": [
      "https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202",
      "https://www.cisa.gov/news-events/alerts/2026/04/28/cisa-adds-two-known-exploited-vulnerabilities-catalog",
      "https://nvd.nist.gov/vuln/detail/CVE-2026-32202"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}