Jan 2026: Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
CVE-2026-21219 Published on January 13, 2026
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2026-21219 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2026-21219
Want to know whenever a new CVE is published for Microsoft Windows Sdk? stack.watch will email you.
Affected Versions
Microsoft Windows SDK:- Version 26100 and below 10.0.26100.7463 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.