CVE-2021-31166
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
99.7%
p100
KEV
YES
Apr 6, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.6%EPSS · 30 days99.7%
2026-06-302026-07-16
Product
Microsoft / HTTP Protocol Stack
Vulnerability
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Added to KEV
Apr 6, 2022
Remediate by
Apr 27, 2022
Known ransomware use
No
Summary description
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31166
No related CVEs by CWE or product.