CVE-2026-32202 is a Windows Shell protection mechanism failure (CVSS 4.3) being actively exploited by APT28 (Fancy Bear) as a zero-click attack. The flaw forces Windows to authenticate to an attacker-controlled server, allowing NTLMv2 hash theft that can be relayed or cracked for lateral movement. It is an incomplete fix for CVE-2026-21510 when combined with CVE-2026-21513. CISA added the vulnerability to the Known Exploited Vulnerabilities catalog on April 29, 2026, alongside CVE-2024-1708 (ConnectWise ScreenConnect path traversal), setting a FCEB agency patch deadline of May 12, 2026. The fix is the April 2026 cumulative update KB5083769, which covers Windows 11 versions 24H2 and 25H2. Federal civilian agencies are legally required to apply the patch by today's deadline. Non-federal organizations running affected Windows versions should treat this with equivalent urgency given confirmed APT28 exploitation; NTLMv2 relay attacks continue to be a reliable lateral-movement vector in enterprise environments.