Windows Shell protection mechanism failure — NTLM coercion / spoofing (CVSS 4.3, APT28 ITW, KEV deadline 2026-05-12)

cve · CVE-2026-32202

Story timeline

1. 2026-05-08CTI Daily Brief — 2026-05-08
   immediate-actionsFirst coverage. CWE-693; crafted LNK/Shell artefact coerces NTLM authentication to attacker-controlled server; APT28 actively exploiting against EU government ministries. CISA KEV deadline 2026-05-12. Fixed in April 2026 Patch Tuesday.