CISA Issues Urgent Warning on Exploited Windows Zero-Day Vulnerability CVE-2026-32202
Severity: Critical (Score: 81.0)
Sources: The Hacker News, Cyber Security News, GBHackers, BleepingComputer
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical zero-day vulnerability in Microsoft Windows, tracked as CVE-2026-32202. The flaw, a zero-click authentication coercion vulnerability, was exploited by the Russian APT28 group, also known as Fancy Bear. It stems from an incomplete patch for a previously disclosed remote code execution flaw (CVE-2026-21510) from February 2026. Microsoft confirmed active exploitation of the vulnerability, which allows attackers to steal credentials without user interaction.

CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026, urging all organizations to prioritize patching, and set a deadline of May 12, 2026, for federal agencies to secure their systems. The vulnerability poses significant risks to sensitive information on unpatched systems, and threat actors are also exploiting other recent vulnerabilities in Windows. As of now, the situation remains critical, with ongoing exploitation detected.

Key Points
- CISA has ordered federal agencies to patch CVE-2026-32202 by May 12, 2026.
- The vulnerability is a zero-click flaw exploited by the Russian APT28 group.
- Microsoft confirmed active exploitation of CVE-2026-32202, which allows credential theft.
Key Entities
- APT28 (apt_group)
- Fancy Bear (apt_group)
- UAC-0001 (apt_group)
- Zero-day Exploit (attack_type)
- Microsoft (company)
- Ukraine (country)
- CVE-2026-21510 (cve)
- CVE-2026-21513 (cve)
- CVE-2026-3220 (cve)
- CVE-2026-32202 (cve)
- T1203 - Exploitation for Client Execution (mitre_attack)
- Microsoft Windows (platform)
- Windows (platform)
- BlueHammer (vulnerability)
- RedSun (vulnerability)
- UnDefend (vulnerability)