What is the severity of CVE-2022-21894?

CVE-2022-21894 has a CVSS v3 score of 4.4, which is classified as Medium severity.

Is there an exploit available for CVE-2022-21894?

Yes, there are known exploits available for CVE-2022-21894. Immediate patching is recommended.

Is there a patch available for CVE-2022-21894?

No official patches have been released yet for CVE-2022-21894. Consider implementing workarounds or mitigations.

CVE-2022-21894

Published: April 22, 2026

Last updated:9 hours ago (April 22, 2026)

Exploit: YesZero-day: NoPatch: NoTrend: Neutral

TL;DR

Updated April 22, 2026

CVE-2022-21894 is a medium severity vulnerability with a CVSS score of 4.4. Active exploits exist with no official patch available - immediate mitigation is required.

Key Points

1Medium severity (CVSS 4.4/10)
2EPSS: 41.00% - high likelihood of exploitation
3Public exploits are available
4No official patches released yet
5Strobes Priority Score: 264/1000 (Low)
6Affects products from: Microsoft

Test this CVE with Agentic AI

Deploy autonomous AI agents to validate this vulnerability in your environment.

Severity Scores

CVSS v34.4

CVSS v24.9

Priority Score264.0

EPSS Score41.0

Medium

Exploitation LikelihoodHigh

41.00%EPSS

High probability of exploitation in the next 30 days

Prioritize patching within days

41.00%

EPSS

4.4

CVSS

Yes

Exploit

Patch

Critical Priority

high EPSS • exploit exists • no patch

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Secure Boot Security Feature Bypass Vulnerability.

CVSS v3 Breakdown

Attack Vector:Local

Attack Complexity:Local

Privileges Required:High

User Interaction:Network

Scope:Unchanged

Confidentiality:Network

Integrity:High

Availability:Network

Exploit References

GitHub GitHub GitHub GitHub GitHub GitHub GitHub GitHub GitHub GitHub

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Windows Server 2012
Microsoft	Windows 10
Microsoft	Windows 8.1
Microsoft	Windows Server
Microsoft	Windows Server 2019
Microsoft	Windows 11
Microsoft	Windows Server 2016

Advisories

GitHub Advisory NVD

Threat Intelligence

Threat Actors (3)

APT41 APT28 Lazarus Group

Cite This Page

APA Format

Strobes VI. (2026). CVE-2022-21894 - CVE Details and Analysis. Strobes VI. Retrieved April 22, 2026, from https://vi.strobes.co/cve/CVE-2022-21894

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Microsoft

Windows Server 2012

Microsoft

Windows 10

Microsoft

Windows 8.1

Microsoft

Windows Server

Microsoft

Windows Server 2019

Microsoft

Windows 11

Microsoft

Windows Server 2016

CVE-2022-21894

Threat Intelligence

Ready for Agentic Automated Testing?

CVE-2022-21894

Threat Intelligence