The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure Windows systems against a vulnerability tracked as CVE-2026-32202 after cybersecurity firm Akamai reported it as a zero-click NTLM hash leak left behind when Microsoft incompletely patched a February remote code execution flaw (CVE-2026-21510). CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog and mandated that