The unpatched search: URI handler vulnerability extends a pattern first seen in CVE-2026-33829 and CVE-2023-35636, where URI parameters trigger unauthenticated SMB connections that leak Net-NTLMv2 hashes. Huntress researchers demonstrated that crumb=location: accepts arbitrary UNC paths identical to the earlier filePath flaw in the Snipping Tool, yet Microsoft declined remediation after April 2026 disclosure because the issue fell below its Important/Critical threshold. This decision ignores the cumulative effect of multiple moderate-severity NTLM leakage vectors that together enable reliable relay attacks against domain controllers and file servers. Historical parallels include Varonis' February 2024 research on crumb-based leaks and repeated Microsoft advisories on SMB signing gaps dating back to 2017, none of which addressed the root cause of overly permissive URI handlers in core Windows components. The result is a persistent attack surface that defenders must mitigate through network-level controls rather than vendor updates, revealing a structural mismatch between Microsoft's severity rubric and real-world relay risk in hybrid environments.