January 2026 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2026-Jan
2026-Jan
Final
1.0
612
2026-05-11T14:44:42
January 2026 Security Updates
2026-01-13T08:00:00
2026-05-11T14:44:42
<h2 id="this-release-consists-of-the-following-124-microsoft-cves">This release consists of the following 124 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows Deployment Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0386">CVE-2026-0386</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>SQL Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20803">CVE-2026-20803</a></td>
<td>7.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hello</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20804">CVE-2026-20804</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Desktop Window Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805">CVE-2026-20805</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Printer Association Object</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20808">CVE-2026-20808</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel Memory</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20809">CVE-2026-20809</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20810">CVE-2026-20810</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20811">CVE-2026-20811</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows LDAP - Lightweight Directory Access Protocol</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20812">CVE-2026-20812</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Graphics Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20814">CVE-2026-20814</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Capability Access Management Service (camsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20815">CVE-2026-20815</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20816">CVE-2026-20816</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Error Reporting</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20817">CVE-2026-20817</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20818">CVE-2026-20818</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Virtualization-Based Security (VBS) Enclave</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20819">CVE-2026-20819</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20820">CVE-2026-20820</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Procedure Call</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20821">CVE-2026-20821</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Graphics Component</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20822">CVE-2026-20822</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20823">CVE-2026-20823</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Assistance</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20824">CVE-2026-20824</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20825">CVE-2026-20825</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Tablet Windows User Interface (TWINUI) Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20826">CVE-2026-20826</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Tablet Windows User Interface (TWINUI) Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20827">CVE-2026-20827</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20828">CVE-2026-20828</a></td>
<td>4.6</td>
<td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TPM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20829">CVE-2026-20829</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Capability Access Management Service (camsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20830">CVE-2026-20830</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20831">CVE-2026-20831</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Procedure Call Interface Definition Language (IDL)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20832">CVE-2026-20832</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kerberos</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20833">CVE-2026-20833</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Shell</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20834">CVE-2026-20834</a></td>
<td>4.6</td>
<td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Capability Access Management Service (camsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20835">CVE-2026-20835</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Graphics Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20836">CVE-2026-20836</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20837">CVE-2026-20837</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20838">CVE-2026-20838</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Client-Side Caching (CSC) Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20839">CVE-2026-20839</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20840">CVE-2026-20840</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20842">CVE-2026-20842</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20843">CVE-2026-20843</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Clipboard Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20844">CVE-2026-20844</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Shell</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20847">CVE-2026-20847</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20848">CVE-2026-20848</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kerberos</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20849">CVE-2026-20849</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Capability Access Management Service (camsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20851">CVE-2026-20851</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hello</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20852">CVE-2026-20852</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows WalletService</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20853">CVE-2026-20853</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Security Authority Subsystem Service (LSASS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20854">CVE-2026-20854</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Server Update Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20856">CVE-2026-20856</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20857">CVE-2026-20857</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20858">CVE-2026-20858</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel-Mode Drivers</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20859">CVE-2026-20859</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20860">CVE-2026-20860</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20861">CVE-2026-20861</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20862">CVE-2026-20862</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20863">CVE-2026-20863</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Connected Devices Platform Service (Cdpsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20864">CVE-2026-20864</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20865">CVE-2026-20865</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20866">CVE-2026-20866</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20867">CVE-2026-20867</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20868">CVE-2026-20868</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Session Manager (LSM)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20869">CVE-2026-20869</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20870">CVE-2026-20870</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Desktop Window Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20871">CVE-2026-20871</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20872">CVE-2026-20872</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20873">CVE-2026-20873</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20874">CVE-2026-20874</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Security Authority Subsystem Service (LSASS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20875">CVE-2026-20875</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Virtualization-Based Security (VBS) Enclave</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20876">CVE-2026-20876</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20877">CVE-2026-20877</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20918">CVE-2026-20918</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20919">CVE-2026-20919</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20920">CVE-2026-20920</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20921">CVE-2026-20921</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20922">CVE-2026-20922</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20923">CVE-2026-20923</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Management Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20924">CVE-2026-20924</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20925">CVE-2026-20925</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20926">CVE-2026-20926</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20927">CVE-2026-20927</a></td>
<td>5.3</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows HTTP.sys</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20929">CVE-2026-20929</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20931">CVE-2026-20931</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20932">CVE-2026-20932</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20934">CVE-2026-20934</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Virtualization-Based Security (VBS) Enclave</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20935">CVE-2026-20935</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NDIS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20936">CVE-2026-20936</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20937">CVE-2026-20937</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Virtualization-Based Security (VBS) Enclave</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20938">CVE-2026-20938</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20939">CVE-2026-20939</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20940">CVE-2026-20940</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Host Process for Windows Tasks</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20941">CVE-2026-20941</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td><strong>Yes</strong></td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20943">CVE-2026-20943</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20944">CVE-2026-20944</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20946">CVE-2026-20946</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20947">CVE-2026-20947</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20948">CVE-2026-20948</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20949">CVE-2026-20949</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20950">CVE-2026-20950</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20951">CVE-2026-20951</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20952">CVE-2026-20952</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20953">CVE-2026-20953</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20955">CVE-2026-20955</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20956">CVE-2026-20956</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20957">CVE-2026-20957</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20958">CVE-2026-20958</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20959">CVE-2026-20959</a></td>
<td>4.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Power Apps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20960">CVE-2026-20960</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Dynamic Root of Trust for Measurement (DRTM)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20962">CVE-2026-20962</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20963">CVE-2026-20963</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Admin Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20965">CVE-2026-20965</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Inbox COM Objects</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21219">CVE-2026-21219</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Capability Access Management Service (camsvc)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21221">CVE-2026-21221</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21223">CVE-2026-21223</a></td>
<td>N/A</td>
<td>N/A</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Connected Machine Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21224">CVE-2026-21224</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Core shared client library for Python</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21226">CVE-2026-21226</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Logic Apps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21227">CVE-2026-21227</a></td>
<td>8.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Account</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21264">CVE-2026-21264</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Boot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21265">CVE-2026-21265</a></td>
<td>6.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21509">CVE-2026-21509</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td><strong>Yes</strong></td>
</tr>
<tr>
<td>Copilot Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21520">CVE-2026-21520</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:L/AR:L</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21521">CVE-2026-21521</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Data Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21524">CVE-2026-21524</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Resource Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24304">CVE-2026-24304</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Entra ID</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24305">CVE-2026-24305</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Front Door (AFD)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24306">CVE-2026-24306</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24307">CVE-2026-24307</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-14-non-microsoft-cves">We are republishing 14 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>MITRE Corporation</td>
<td>Agere Windows Modem Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-31096">CVE-2023-31096</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>MITRE Corporation</td>
<td>Windows Motorola Soft Modem Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-55414">CVE-2024-55414</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0628">CVE-2026-0628</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0899">CVE-2026-0899</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0900">CVE-2026-0900</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0901">CVE-2026-0901</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0902">CVE-2026-0902</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0903">CVE-2026-0903</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0904">CVE-2026-0904</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0905">CVE-2026-0905</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0906">CVE-2026-0906</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0907">CVE-2026-0907</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0908">CVE-2026-0908</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-1220">CVE-2026-1220</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>October 31, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td>
</tr>
<tr>
<td>October 28, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td>
</tr>
<tr>
<td>October 22, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td>
</tr>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5073379">5073379</a></td>
<td>Windows Server 2025</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5073450">5073450</a></td>
<td>Windows Server 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5073457">5073457</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5074109">5074109</a></td>
<td>Windows 11, version 24H2, Windows 11, version 25H2</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2025 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 22)
Windows Admin Center in Azure Portal
Azure Connected Machine Agent
Microsoft Power Apps Desktop Client
Azure Core shared client library for Python
Azure Resource Manager
Azure Front Door
Azure Data Explorer
Microsoft Entra ID
Azure Logic Apps
Microsoft Account
Microsoft SharePoint Server 2019
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server Subscription Edition
Microsoft Office Deployment Tool
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Office Online Server
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Copilot Studio
Microsoft Edge (Chromium-based)
Windows SDK
Microsoft 365 Copilot
Microsoft 365 Word Copilot
azl3 harfbuzz 8.3.0-4 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-19 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0
azl3 libsoup 3.4.4-11 on Azure Linux 3.0
azl3 openldap 2.6.7-2 on Azure Linux 3.0
azl3 ceph 18.2.2-12 on Azure Linux 3.0
azl3 crash 9.0.0-1 on Azure Linux 3.0
cbl2 binutils 2.37-19 on CBL Mariner 2.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
cbl2 nmap 7.93-3 on CBL Mariner 2.0
azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0
cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0
cbl2 rust 1.72.0-11 on CBL Mariner 2.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 binutils 2.41-10 on Azure Linux 3.0
azl3 boost 1.83.0-2 on Azure Linux 3.0
azl3 gdb 13.2-6 on Azure Linux 3.0
cbl2 boost 1.76.0-4 on CBL Mariner 2.0
cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
cbl2 cloud-hypervisor 32.0-7 on CBL Mariner 2.0
cbl2 crash 8.0.1-5 on CBL Mariner 2.0
cbl2 gcc 11.2.0-9 on CBL Mariner 2.0
cbl2 gdb 11.2-10 on CBL Mariner 2.0
cbl2 keras 2.11.0-3 on CBL Mariner 2.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
azl3 rust 1.75.0-22 on Azure Linux 3.0
azl3 rust 1.86.0-10 on Azure Linux 3.0
azl3 wget 2.1.0-6 on Azure Linux 3.0
azl3 wget 2.1.0-7 on Azure Linux 3.0
cbl2 libpng 1.6.52-1 on CBL Mariner 2.0
azl3 libpng 1.6.52-1 on Azure Linux 3.0
azl3 harfbuzz 8.3.0-3 on Azure Linux 3.0
cbl2 harfbuzz 3.4.0-3 on CBL Mariner 2.0
azl3 qtbase 6.6.3-4 on Azure Linux 3.0
azl3 libtpms 0.9.6-8 on Azure Linux 3.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
azl3 nmap 7.95-2 on Azure Linux 3.0
azl3 tcl 8.6.13-3 on Azure Linux 3.0
azl3 zlib 1.3.1-1 on Azure Linux 3.0
azl3 grpc 1.62.3-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
cbl2 tcl 8.6.13-3 on CBL Mariner 2.0
cbl2 zlib 1.2.13-2 on CBL Mariner 2.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft Edge (Chromium-based)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Azure Front Door
Azure Data Explorer
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Azure Logic Apps
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Azure Connected Machine Agent
Microsoft Entra ID
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Microsoft Copilot Studio
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Azure Resource Manager
Microsoft Account
Windows Admin Center in Azure Portal
Microsoft Power Apps Desktop Client
Windows SDK
Microsoft 365 Copilot
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 glibc 2.35-7 on CBL Mariner 2.0
azl3 libtasn1 4.19.0-2 on Azure Linux 3.0
azl3 harfbuzz 8.3.0-3 on Azure Linux 3.0
azl3 avahi 0.8-5 on Azure Linux 3.0
azl3 python-virtualenv 20.25.0-3 on Azure Linux 3.0
azl3 libsndfile 1.2.2-3 on Azure Linux 3.0
azl3 python-werkzeug 3.0.3-2 on Azure Linux 3.0
azl3 nmap 7.95-2 on Azure Linux 3.0
azl3 grpc 1.62.3-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 krb5 1.21.3-2 on Azure Linux 3.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
cbl2 harfbuzz 3.4.0-3 on CBL Mariner 2.0
cbl2 zlib 1.2.13-2 on CBL Mariner 2.0
cbl2 tcl 8.6.13-3 on CBL Mariner 2.0
azl3 zlib 1.3.1-1 on Azure Linux 3.0
azl3 tcl 8.6.13-3 on Azure Linux 3.0
cbl2 strongswan 5.9.10-3 on CBL Mariner 2.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
cbl2 gnutls 3.7.11-4 on CBL Mariner 2.0
azl3 libtpms 0.9.6-8 on Azure Linux 3.0
azl3 qtbase 6.6.3-4 on Azure Linux 3.0
azl3 gnutls 3.8.3-6 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0
cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0
cbl2 boost 1.76.0-4 on CBL Mariner 2.0
cbl2 avahi 0.8-4 on CBL Mariner 2.0
cbl2 python-werkzeug 2.3.7-3 on CBL Mariner 2.0
azl3 boost 1.83.0-2 on Azure Linux 3.0
cbl2 keras 2.11.0-3 on CBL Mariner 2.0
cbl2 cloud-hypervisor 32.0-7 on CBL Mariner 2.0
cbl2 nmap 7.93-3 on CBL Mariner 2.0
cbl2 libtasn1 4.19.0-2 on CBL Mariner 2.0
cbl2 libsndfile 1.0.31-4 on CBL Mariner 2.0
cbl2 krb5 1.19.4-4 on CBL Mariner 2.0
cbl2 python-urllib3 1.26.19-2 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Microsoft 365 Word Copilot
cbl2 python-virtualenv 20.26.6-2 on CBL Mariner 2.0
cbl2 curl 8.8.0-7 on CBL Mariner 2.0
azl3 curl 8.11.1-4 on Azure Linux 3.0
azl3 cmake 3.30.3-10 on Azure Linux 3.0
azl3 gdb 13.2-6 on Azure Linux 3.0
cbl2 gdb 11.2-10 on CBL Mariner 2.0
cbl2 binutils 2.37-19 on CBL Mariner 2.0
cbl2 crash 8.0.1-5 on CBL Mariner 2.0
cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0
cbl2 rust 1.72.0-11 on CBL Mariner 2.0
cbl2 mysql 8.0.44-2 on CBL Mariner 2.0
azl3 binutils 2.41-10 on Azure Linux 3.0
azl3 mysql 8.0.44-2 on Azure Linux 3.0
azl3 libxml2 2.11.5-7 on Azure Linux 3.0
azl3 keras 3.3.3-5 on Azure Linux 3.0
cbl2 gcc 11.2.0-9 on CBL Mariner 2.0
cbl2 cmake 3.21.4-20 on CBL Mariner 2.0
cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 ceph 18.2.2-12 on Azure Linux 3.0
azl3 rust 1.75.0-22 on Azure Linux 3.0
Microsoft SQL Server 2025 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 22)
cbl2 coredns 1.11.1-24 on CBL Mariner 2.0
azl3 rust 1.86.0-10 on Azure Linux 3.0
azl3 libsodium 1.0.19-1 on Azure Linux 3.0
cbl2 libsodium 1.0.18-6 on CBL Mariner 2.0
azl3 crash 9.0.0-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 libsoup 3.4.4-11 on Azure Linux 3.0
Azure Core shared client library for Python
azl3 openldap 2.6.7-2 on Azure Linux 3.0
azl3 python-urllib3 2.0.7-3 on Azure Linux 3.0
Microsoft Office Deployment Tool
azl3 coredns 1.11.4-12 on Azure Linux 3.0
azl3 wget 2.1.0-6 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-19 on CBL Mariner 2.0
azl3 python-filelock 3.20.1-1 on Azure Linux 3.0
azl3 libpng 1.6.52-1 on Azure Linux 3.0
cbl2 libpng 1.6.52-1 on CBL Mariner 2.0
azl3 glibc 2.38-16 on Azure Linux 3.0
azl3 strongswan 5.9.14-7 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0
azl3 libxml2 2.11.5-8 on Azure Linux 3.0
azl3 avahi 0.8-6 on Azure Linux 3.0
azl3 tensorflow 2.16.1-10 on Azure Linux 3.0
azl3 libsodium 1.0.19-2 on Azure Linux 3.0
azl3 libtasn1 4.19.0-3 on Azure Linux 3.0
azl3 python-urllib3 2.0.7-4 on Azure Linux 3.0
azl3 wget 2.1.0-7 on Azure Linux 3.0
azl3 harfbuzz 8.3.0-4 on Azure Linux 3.0
azl3 python-pyasn1 0.4.8-1 on Azure Linux 3.0
cbl2 python-pyasn1 0.4.8-1 on CBL Mariner 2.0
azl3 keras 3.3.3-6 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
cbl2 avahi 0.8-5 on CBL Mariner 2.0
azl3 avahi 0.8-7 on Azure Linux 3.0
azl3 rust 1.75.0-24 on Azure Linux 3.0
azl3 rust 1.90.0-3 on Azure Linux 3.0
cbl2 glibc 2.35-9 on CBL Mariner 2.0
azl3 curl 8.11.1-5 on Azure Linux 3.0
cbl2 cmake 3.21.4-21 on CBL Mariner 2.0
cbl2 curl 8.8.0-8 on CBL Mariner 2.0
azl3 cmake 3.30.3-11 on Azure Linux 3.0
cbl2 rust 1.72.0-13 on CBL Mariner 2.0
azl3 libsndfile 1.2.2-4 on Azure Linux 3.0
cbl2 python-urllib3 1.26.19-3 on CBL Mariner 2.0
azl3 glibc 2.38-18 on Azure Linux 3.0
azl3 strongswan 5.9.14-8 on Azure Linux 3.0
cbl2 strongswan 5.9.10-4 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-10 on CBL Mariner 2.0
azl3 krb5 1.21.3-3 on Azure Linux 3.0
cbl2 krb5 1.19.4-5 on CBL Mariner 2.0
azl3 gnutls 3.8.3-8 on Azure Linux 3.0
cbl2 gnutls 3.7.11-6 on CBL Mariner 2.0
cbl2 libtasn1 4.19.0-3 on CBL Mariner 2.0
azl3 coredns 1.11.4-13 on Azure Linux 3.0
cbl2 coredns 1.11.1-25 on CBL Mariner 2.0
azl3 mysql 8.0.45-1 on Azure Linux 3.0
cbl2 mysql 8.0.45-1 on CBL Mariner 2.0
cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0
cbl2 libsoup 3.0.4-12 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-11 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 libsoup 3.4.4-12 on Azure Linux 3.0
azl3 libxml2 2.11.5-9 on Azure Linux 3.0
azl3 cmake 3.30.3-12 on Azure Linux 3.0
cbl2 python-filelock 3.0.12-13 on CBL Mariner 2.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 libsoup 3.4.4-14 on Azure Linux 3.0
cbl2 python-virtualenv 20.26.6-3 on CBL Mariner 2.0
azl3 nodejs24 24.14.1-1 on Azure Linux 3.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 nodejs24 24.14.1-2 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
Mariner
Linux
Yes
CVE-2025-68759
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Important
20725-17084
Important
20788-17084
Important
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20725-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:38
<p>Information published.</p>
3.0
2026-01-20T14:45:27
<p>Information published.</p>
4.0
2026-02-18T02:52:26
<p>Information published.</p>
2.0
2026-01-08T14:44:05
<p>Information published.</p>
crypto: starfive - Correctly handle return of sg_nents_for_len
Mariner
Linux
Yes
CVE-2025-68763
20725-17084
20823-17084
20788-17084
20725-17084
20823-17084
20788-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-08T14:44:25
<p>Information published.</p>
1.0
2026-01-06T01:01:48
<p>Information published.</p>
3.0
2026-01-13T01:36:41
<p>Information published.</p>
4.0
2026-02-21T04:08:57
<p>Information published.</p>
backlight: led-bl: Add devlink to supplier LEDs
Mariner
Linux
Yes
CVE-2025-68758
20725-17084
20823-17084
20788-17084
20725-17084
20823-17084
20788-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-01-13T01:36:51
<p>Information published.</p>
4.0
2026-02-21T04:09:56
<p>Information published.</p>
1.0
2026-01-06T01:01:59
<p>Information published.</p>
2.0
2026-01-08T14:44:45
<p>Information published.</p>
block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
Mariner
Linux
Yes
CVE-2025-68756
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Important
20725-17084
Important
20788-17084
Important
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20725-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:02:04
<p>Information published.</p>
3.0
2026-01-20T14:45:49
<p>Information published.</p>
4.0
2026-02-18T02:54:14
<p>Information published.</p>
2.0
2026-01-08T14:44:55
<p>Information published.</p>
urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
Mariner
GitHub_M
Yes
CVE-2026-21441
Improper Handling of Highly Compressed Data (Data Amplification)
17667-17084
20831-17084
20827-17084
20807-17084
20389-17086
20530-17086
20890-17086
17667-17084
20831-17084
20827-17084
20807-17084
20389-17086
20530-17086
20890-17086
Important
17667-17084
Important
20831-17084
Important
20827-17084
Important
20807-17084
Important
20389-17086
Important
20530-17086
Important
20890-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17667-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20831-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20827-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20807-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20389-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20530-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20890-17086
CBL-Mariner Releases
17667-17084
20827-17084
No
Security Update
2.16.1-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
20827-17084
CBL-Mariner Releases
CBL-Mariner Releases
20831-17084
20807-17084
No
Security Update
2.0.7-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20831-17084
20807-17084
CBL-Mariner Releases
CBL-Mariner Releases
20389-17086
20890-17086
No
Security Update
1.26.19-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20389-17086
20890-17086
CBL-Mariner Releases
2.0
2026-01-11T01:05:59
<p>Information published.</p>
5.0
2026-01-20T14:46:23
<p>Information published.</p>
1.0
2026-01-09T01:10:35
<p>Information published.</p>
3.0
2026-01-12T14:39:50
<p>Information published.</p>
4.0
2026-01-16T14:35:56
<p>Information published.</p>
6.0
2026-01-21T01:41:44
<p>Information published.</p>
7.0
2026-02-19T01:13:26
<p>Information published.</p>
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Mariner
CPANSec
Yes
CVE-2025-15444
Dependency on Vulnerable Third-Party Component
20774-17084
20829-17084
20775-17086
20774-17084
20829-17084
20775-17086
Important
20774-17084
Important
20829-17084
Important
20775-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U
20774-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U
20829-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U
20775-17086
CBL-Mariner Releases
20774-17084
20829-17084
No
Security Update
1.0.19-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20774-17084
20829-17084
CBL-Mariner Releases
CBL-Mariner Releases
20775-17086
No
Security Update
1.0.18-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20775-17086
CBL-Mariner Releases
1.0
2026-01-09T01:10:52
<p>Information published.</p>
2.0
2026-01-09T14:36:29
<p>Information published.</p>
4.0
2026-02-21T03:41:16
<p>Information published.</p>
3.0
2026-01-13T01:42:15
<p>Information published.</p>
Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS
Mariner
GitHub_M
Yes
CVE-2026-22693
NULL Pointer Dereference
20833-17084
17496-17084
17986-17086
20813-17086
19626-17084
20833-17084
17496-17084
17986-17086
20813-17086
19626-17084
Moderate
20833-17084
Moderate
17496-17084
Moderate
17986-17086
Moderate
20813-17086
Moderate
19626-17084
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20833-17084
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
17496-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17986-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20813-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19626-17084
CBL-Mariner Releases
20833-17084
17496-17084
No
Security Update
8.3.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20833-17084
17496-17084
CBL-Mariner Releases
3.0
2026-01-13T01:45:08
<p>Information published.</p>
4.0
2026-01-15T14:35:40
<p>Information published.</p>
5.0
2026-01-20T14:47:26
<p>Information published.</p>
1.0
2026-01-11T01:02:53
<p>Information published.</p>
2.0
2026-01-13T01:02:50
<p>Information published.</p>
rsa crate has potential panic on a prime being equal to 1
Mariner
GitHub_M
Yes
CVE-2026-21895
Improper Check or Handling of Exceptional Conditions
20421-17084
20824-17084
20421-17084
20824-17084
Low
20421-17084
Low
20824-17084
2.0
2026-01-13T01:45:13
<p>Information published.</p>
3.0
2026-01-20T14:47:37
<p>Information published.</p>
1.0
2026-01-11T01:05:14
<p>Information published.</p>
Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
Mariner
redhat
Yes
CVE-2026-0719
Stack-based Buffer Overflow
20801-17084
20801-17084
Important
20801-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20801-17084
3.0
2026-01-13T01:45:18
<p>Information published.</p>
1.0
2026-01-11T01:05:19
<p>Information published.</p>
2.0
2026-01-12T14:39:03
<p>Information published.</p>
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Mariner
GitHub_M
Yes
CVE-2026-22701
Improper Link Resolution Before File Access ('Link Following')
21025-17086
20814-17084
21025-17086
20814-17084
Moderate
21025-17086
Moderate
20814-17084
5.3
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U
21025-17086
5.3
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U
20814-17084
CBL-Mariner Releases
21025-17086
No
Security Update
3.0.12-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21025-17086
CBL-Mariner Releases
CBL-Mariner Releases
20814-17084
No
Security Update
3.20.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20814-17084
CBL-Mariner Releases
2.0
2026-02-18T14:09:01
<p>Information published.</p>
3.0
2026-03-07T01:01:21
<p>Information published.</p>
1.0
2026-01-13T01:03:04
<p>Information published.</p>
4.0
2026-04-29T01:43:24
<p>Information published.</p>
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Mariner
GitHub_M
Yes
CVE-2026-22801
Out-of-bounds Read
20815-17084
20816-17086
20813-17086
19668-17086
19626-17084
17667-17084
20827-17084
20815-17084
20816-17086
20813-17086
19668-17086
19626-17084
17667-17084
20827-17084
Moderate
20815-17084
Moderate
20816-17086
Moderate
20813-17086
Moderate
19668-17086
Moderate
19626-17084
Moderate
17667-17084
Moderate
20827-17084
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
20815-17084
6.8
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U
20816-17086
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
20813-17086
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
19668-17086
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
19626-17084
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
17667-17084
6.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
20827-17084
CBL-Mariner Releases
20815-17084
20816-17086
No
Security Update
1.6.54-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20815-17084
20816-17086
CBL-Mariner Releases
3.0
2026-01-20T14:41:21
<p>Information published.</p>
5.0
2026-02-18T14:10:26
<p>Information published.</p>
1.0
2026-01-14T01:03:23
<p>Information published.</p>
2.0
2026-01-15T01:07:25
<p>Information published.</p>
4.0
2026-01-21T14:36:27
<p>Information published.</p>
Avahi has a reachable assertion in avahi_wide_area_scan_cache
Mariner
GitHub_M
Yes
CVE-2025-68276
Reachable Assertion
19803-17086
17556-17084
20826-17084
20861-17086
20862-17084
19803-17086
17556-17084
20826-17084
20861-17086
20862-17084
Moderate
19803-17086
Moderate
17556-17084
Moderate
20826-17084
Moderate
20861-17086
Moderate
20862-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19803-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17556-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20826-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20861-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20862-17084
CBL-Mariner Releases
17556-17084
20826-17084
20862-17084
No
Security Update
0.8-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17556-17084
20826-17084
20862-17084
CBL-Mariner Releases
CBL-Mariner Releases
20861-17086
No
Security Update
0.8-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20861-17086
CBL-Mariner Releases
1.0
2026-01-14T01:03:39
<p>Information published.</p>
3.0
2026-01-20T14:48:21
<p>Information published.</p>
2.0
2026-01-19T14:36:20
<p>Information published.</p>
4.0
2026-02-18T14:11:33
<p>Information published.</p>
Avahi has a reachable assertion in lookup_multicast_callback
Mariner
GitHub_M
Yes
CVE-2025-68468
Reachable Assertion
19803-17086
17556-17084
20862-17084
20826-17084
20861-17086
19803-17086
17556-17084
20862-17084
20826-17084
20861-17086
Moderate
19803-17086
Moderate
17556-17084
Moderate
20862-17084
Moderate
20826-17084
Moderate
20861-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19803-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17556-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20862-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20826-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20861-17086
CBL-Mariner Releases
17556-17084
20862-17084
20826-17084
No
Security Update
0.8-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17556-17084
20862-17084
20826-17084
CBL-Mariner Releases
CBL-Mariner Releases
20861-17086
No
Security Update
0.8-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20861-17086
CBL-Mariner Releases
1.0
2026-01-14T01:03:47
<p>Information published.</p>
3.0
2026-01-20T14:48:32
<p>Information published.</p>
4.0
2026-02-18T14:12:12
<p>Information published.</p>
2.0
2026-01-19T14:36:27
<p>Information published.</p>
Avahi has a reachable assertion in lookup_start
Mariner
GitHub_M
Yes
CVE-2025-68471
Reachable Assertion
19803-17086
20861-17086
20862-17084
17556-17084
20826-17084
19803-17086
20861-17086
20862-17084
17556-17084
20826-17084
Moderate
19803-17086
Moderate
20861-17086
Moderate
20862-17084
Moderate
17556-17084
Moderate
20826-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19803-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20861-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20862-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17556-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20826-17084
CBL-Mariner Releases
20861-17086
No
Security Update
0.8-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20861-17086
CBL-Mariner Releases
CBL-Mariner Releases
20862-17084
17556-17084
20826-17084
No
Security Update
0.8-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20862-17084
17556-17084
20826-17084
CBL-Mariner Releases
1.0
2026-01-14T01:03:55
<p>Information published.</p>
3.0
2026-01-20T14:48:43
<p>Information published.</p>
2.0
2026-01-19T14:36:34
<p>Information published.</p>
4.0
2026-02-18T14:12:53
<p>Information published.</p>
Input: alps - fix use-after-free bugs caused by dev3_register_work
Mariner
Linux
Yes
CVE-2025-68822
20823-17084
20956-17084
21248-17084
21332-17084
20788-17084
20860-17084
21094-17084
21308-17084
20823-17084
20956-17084
21248-17084
21332-17084
20788-17084
20860-17084
21094-17084
21308-17084
Critical
20823-17084
Critical
20956-17084
Critical
21248-17084
Critical
21332-17084
Critical
20788-17084
Critical
20860-17084
Critical
21094-17084
Critical
21308-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20956-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21248-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21332-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20860-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21094-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21308-17084
3.0
2026-02-18T14:13:48
<p>Information published.</p>
4.0
2026-03-04T14:47:22
<p>Information published.</p>
8.0
2026-05-11T01:46:04
<p>Information published.</p>
1.0
2026-01-15T01:01:27
<p>Information published.</p>
2.0
2026-01-20T14:49:13
<p>Information published.</p>
5.0
2026-04-01T01:49:12
<p>Information published.</p>
6.0
2026-04-29T14:56:20
<p>Information published.</p>
7.0
2026-05-06T14:47:42
<p>Information published.</p>
iavf: fix off-by-one issues in iavf_config_rss_reg()
Mariner
Linux
Yes
CVE-2025-71087
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:19
<p>Information published.</p>
1.0
2026-01-15T01:02:10
<p>Information published.</p>
3.0
2026-02-18T14:16:41
<p>Information published.</p>
io_uring: fix filename leak in __io_openat_prep()
Mariner
Linux
Yes
CVE-2025-68814
20823-17084
20788-17084
20823-17084
20788-17084
Critical
20823-17084
Critical
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:03:50
<p>Information published.</p>
2.0
2026-01-20T14:52:05
<p>Information published.</p>
3.0
2026-02-18T14:25:17
<p>Information published.</p>
f2fs: fix to avoid updating compression context during writeback
Mariner
Linux
Yes
CVE-2025-68772
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20788-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:04:01
<p>Information published.</p>
2.0
2026-01-21T01:35:44
<p>Information published.</p>
3.0
2026-02-18T14:26:13
<p>Information published.</p>
net/mlx5: fw_tracer, Validate format string parameters
Mariner
Linux
Yes
CVE-2025-68816
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
20823-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:37:22
<p>Information published.</p>
3.0
2026-02-18T14:31:44
<p>Information published.</p>
1.0
2026-01-15T01:05:16
<p>Information published.</p>
ocfs2: fix kernel BUG in ocfs2_find_victim_chain
Mariner
Linux
Yes
CVE-2025-68771
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:40:17
<p>Information published.</p>
3.0
2026-01-21T01:38:10
<p>Information published.</p>
4.0
2026-02-21T04:24:13
<p>Information published.</p>
1.0
2026-01-15T01:06:46
<p>Information published.</p>
iomap: adjust read range correctly for non-block-aligned positions
Mariner
Linux
Yes
CVE-2025-68794
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U
20823-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:06:51
<p>Information published.</p>
3.0
2026-02-18T14:36:42
<p>Information published.</p>
2.0
2026-01-20T14:40:27
<p>Information published.</p>
ksmbd: skip lock-range check on equal size to avoid size==0 underflow
Mariner
Linux
Yes
CVE-2025-68786
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:40:38
<p>Information published.</p>
3.0
2026-01-21T01:38:26
<p>Information published.</p>
4.0
2026-02-21T04:24:47
<p>Information published.</p>
1.0
2026-01-15T01:06:56
<p>Information published.</p>
Integer overflow in memalign leads to heap corruption
Mariner
glibc
Yes
CVE-2026-0861
Integer Overflow or Wraparound
17348-17086
20868-17086
20817-17084
20895-17084
17348-17086
20868-17086
20817-17084
20895-17084
Moderate
17348-17086
Moderate
20868-17086
Moderate
20817-17084
Moderate
20895-17084
7.3
6.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P
17348-17086
7.3
6.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P
20868-17086
7.3
6.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P
20817-17084
7.3
6.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P
20895-17084
CBL-Mariner Releases
20868-17086
No
Security Update
2.35-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20868-17086
CBL-Mariner Releases
CBL-Mariner Releases
20895-17084
No
Security Update
2.38-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20895-17084
CBL-Mariner Releases
3.0
2026-02-18T14:37:56
<p>Information published.</p>
1.0
2026-01-16T01:01:21
<p>Information published.</p>
2.0
2026-01-17T01:01:25
<p>Information published.</p>
libceph: make decode_pool() more resilient against corrupted osdmaps
Mariner
Linux
Yes
CVE-2025-71116
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:41:31
<p>Information published.</p>
3.0
2026-02-18T14:38:20
<p>Information published.</p>
1.0
2026-01-16T01:01:26
<p>Information published.</p>
RDMA/irdma: avoid invalid read in irdma_net_event
Mariner
Linux
Yes
CVE-2025-71133
20788-17084
20823-17084
20788-17084
20823-17084
Important
20788-17084
Important
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:41:52
<p>Information published.</p>
4.0
2026-02-21T04:26:01
<p>Information published.</p>
1.0
2026-01-16T01:01:37
<p>Information published.</p>
3.0
2026-01-21T01:39:07
<p>Information published.</p>
via_wdt: fix critical boot hang due to unnamed resource allocation
Mariner
Linux
Yes
CVE-2025-71114
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:25
<p>Information published.</p>
3.0
2026-01-21T01:39:29
<p>Information published.</p>
1.0
2026-01-16T01:01:53
<p>Information published.</p>
4.0
2026-02-21T04:13:58
<p>Information published.</p>
smc91x: fix broken irq-context in PREEMPT_RT
Mariner
Linux
Yes
CVE-2025-71132
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:45
<p>Information published.</p>
3.0
2026-02-18T14:40:28
<p>Information published.</p>
1.0
2026-01-16T01:02:04
<p>Information published.</p>
net: hns3: add VLAN id validation before using
Mariner
Linux
Yes
CVE-2025-71112
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:57
<p>Information published.</p>
1.0
2026-01-16T01:02:09
<p>Information published.</p>
3.0
2026-02-18T14:40:50
<p>Information published.</p>
MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Mariner
Linux
Yes
CVE-2025-71109
20823-17084
20925-17086
21093-17086
20788-17084
20860-17084
20823-17084
20925-17086
21093-17086
20788-17084
20860-17084
Important
20823-17084
Moderate
20925-17086
Moderate
21093-17086
Important
20788-17084
Important
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
2.0
2026-01-20T14:43:07
<p>Information published.</p>
4.0
2026-02-21T04:15:39
<p>Information published.</p>
5.0
2026-03-27T01:02:53
<p>Information published.</p>
6.0
2026-03-31T14:53:12
<p>Information published.</p>
1.0
2026-01-16T01:02:15
<p>Information published.</p>
3.0
2026-01-21T01:39:55
<p>Information published.</p>
octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
Mariner
Linux
Yes
CVE-2025-71137
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:43:18
<p>Information published.</p>
3.0
2026-02-18T14:41:20
<p>Information published.</p>
1.0
2026-01-16T01:02:20
<p>Information published.</p>
clk: samsung: exynos-clkout: Assign .num before accessing .hws
Mariner
Linux
Yes
CVE-2025-71143
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:43:28
<p>Information published.</p>
3.0
2026-01-21T01:40:10
<p>Information published.</p>
4.0
2026-02-21T04:16:38
<p>Information published.</p>
1.0
2026-01-16T01:02:26
<p>Information published.</p>
usb: typec: ucsi: Handle incorrect num_connectors capability
Mariner
Linux
Yes
CVE-2025-71108
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:43:38
<p>Information published.</p>
3.0
2026-02-18T14:41:52
<p>Information published.</p>
1.0
2026-01-16T01:02:31
<p>Information published.</p>
um: init cpu_tasks[] earlier
Mariner
Linux
Yes
CVE-2025-71115
20788-17084
20788-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20788-17084
No
Security Update
6.6.119.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20788-17084
CBL-Mariner Releases
2.0
2026-01-17T14:35:48
<p>Information published.</p>
3.0
2026-02-18T14:42:16
<p>Information published.</p>
1.0
2026-01-16T01:02:36
<p>Information published.</p>
LoongArch: BPF: Sign extend kfunc call arguments
Mariner
Linux
Yes
CVE-2025-71129
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:43:49
<p>Information published.</p>
1.0
2026-01-16T01:02:41
<p>Information published.</p>
3.0
2026-02-18T14:42:51
<p>Information published.</p>
parisc: Do not reprogram affinitiy on ASP chip
Mariner
Linux
Yes
CVE-2025-71121
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:43:59
<p>Information published.</p>
3.0
2026-02-18T14:43:31
<p>Information published.</p>
1.0
2026-01-16T01:02:46
<p>Information published.</p>
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
Mariner
Linux
Yes
CVE-2025-71131
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-02-18T14:44:07
<p>Information published.</p>
1.0
2026-01-16T01:03:02
<p>Information published.</p>
2.0
2026-01-20T14:44:29
<p>Information published.</p>
tracing: Do not register unsupported perf events
Mariner
Linux
Yes
CVE-2025-71125
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:44:50
<p>Information published.</p>
1.0
2026-01-16T01:03:13
<p>Information published.</p>
3.0
2026-02-18T14:45:24
<p>Information published.</p>
SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
Mariner
Linux
Yes
CVE-2025-71120
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:45:50
<p>Information published.</p>
3.0
2026-02-18T14:48:45
<p>Information published.</p>
1.0
2026-01-16T01:03:44
<p>Information published.</p>
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
Mariner
Google
Yes
CVE-2026-0897
Allocation of Resources Without Limits or Throttling
20630-17084
20859-17084
20630-17084
20859-17084
Important
20630-17084
Important
20859-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20630-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20859-17084
CBL-Mariner Releases
20859-17084
No
Security Update
3.3.3-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20859-17084
CBL-Mariner Releases
1.0
2026-01-16T01:03:50
<p>Information published.</p>
2.0
2026-02-18T14:49:12
<p>Information published.</p>
getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
Mariner
glibc
Yes
CVE-2026-0915
Use of Uninitialized Resource
20817-17084
17348-17086
20895-17084
20868-17086
20817-17084
17348-17086
20895-17084
20868-17086
Low
20817-17084
Moderate
17348-17086
Low
20895-17084
Moderate
20868-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20817-17084
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U
17348-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20895-17084
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U
20868-17086
CBL-Mariner Releases
20895-17084
No
Security Update
2.38-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20895-17084
CBL-Mariner Releases
CBL-Mariner Releases
20868-17086
No
Security Update
2.35-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20868-17086
CBL-Mariner Releases
1.0
2026-01-17T01:01:21
<p>Information published.</p>
2.0
2026-01-21T01:02:55
<p>Information published.</p>
3.0
2026-02-18T14:49:58
<p>Information published.</p>
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
Mariner
redhat
Yes
CVE-2026-0990
Uncontrolled Recursion
20604-17086
20622-17084
20825-17084
20901-17086
20960-17084
20604-17086
20622-17084
20825-17084
20901-17086
20960-17084
Moderate
20604-17086
Moderate
20622-17084
Moderate
20825-17084
Moderate
20901-17086
Moderate
20960-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20604-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20622-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20825-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20901-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20960-17084
CBL-Mariner Releases
20825-17084
20960-17084
No
Security Update
2.11.5-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20825-17084
20960-17084
CBL-Mariner Releases
CBL-Mariner Releases
20901-17086
No
Security Update
2.10.4-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20901-17086
CBL-Mariner Releases
2.0
2026-01-19T14:38:59
<p>Information published.</p>
3.0
2026-01-20T14:48:27
<p>Information published.</p>
1.0
2026-01-19T01:01:20
<p>Information published.</p>
4.0
2026-02-18T14:59:23
<p>Information published.</p>
5.0
2026-02-23T14:35:45
<p>Information published.</p>
6.0
2026-03-04T14:35:40
<p>Information published.</p>
Libxml2: unbounded relaxng include recursion leading to stack overflow
Mariner
redhat
Yes
CVE-2026-0989
Uncontrolled Recursion
20604-17086
20825-17084
20901-17086
20960-17084
20622-17084
20940-17086
20604-17086
20825-17084
20901-17086
20960-17084
20622-17084
20940-17086
Low
20604-17086
Low
20825-17084
Low
20901-17086
Low
20960-17084
Low
20622-17084
Low
20940-17086
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20604-17086
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20825-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20901-17086
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20960-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20622-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20940-17086
2.0
2026-01-19T14:39:06
<p>Information published.</p>
4.0
2026-02-18T14:59:51
<p>Information published.</p>
5.0
2026-03-03T14:54:37
<p>Information published.</p>
1.0
2026-01-19T01:01:29
<p>Information published.</p>
3.0
2026-01-20T14:48:48
<p>Information published.</p>
6.0
2026-03-04T14:35:58
<p>Information published.</p>
pyasn1 has a DoS vulnerability in decoder
Mariner
GitHub_M
Yes
CVE-2026-23490
Allocation of Resources Without Limits or Throttling
20840-17084
20841-17086
20840-17084
20841-17086
Important
20840-17084
Important
20841-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20840-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20841-17086
1.0
2026-01-21T01:05:16
<p>Information published.</p>
2.0
2026-02-18T15:03:58
<p>Information published.</p>
KEYS: trusted: Fix a memory leak in tpm2_load_cmd
Mariner
Linux
Yes
CVE-2025-71147
Missing Release of Memory after Effective Lifetime
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
2.0
2026-03-02T14:37:28
<p>Information published.</p>
3.0
2026-03-03T15:01:05
<p>Information published.</p>
1.0
2026-02-28T01:02:39
<p>Information published.</p>
net: dsa: properly keep track of conduit reference
Mariner
Linux
Yes
CVE-2025-71152
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
2.0
2026-03-03T15:01:41
<p>Information published.</p>
3.0
2026-03-31T14:37:17
<p>Information published.</p>
1.0
2026-02-28T01:02:50
<p>Information published.</p>
net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
Mariner
Linux
Yes
CVE-2025-71154
Missing Release of Memory after Effective Lifetime
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:02:55
<p>Information published.</p>
2.0
2026-03-02T14:37:38
<p>Information published.</p>
3.0
2026-03-03T15:02:02
<p>Information published.</p>
netfilter: nf_tables: avoid chain re-validation if possible
Mariner
Linux
Yes
CVE-2025-71160
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2026-02-28T01:03:01
<p>Information published.</p>
2.0
2026-03-02T14:37:43
<p>Information published.</p>
3.0
2026-03-03T15:02:19
<p>Information published.</p>
4.0
2026-03-31T14:37:40
<p>Information published.</p>
dm-verity: disable recursive forward error correction
Mariner
Linux
Yes
CVE-2025-71161
Off-by-one Error
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
3.0
2026-03-03T15:02:38
<p>Information published.</p>
4.0
2026-03-31T14:38:05
<p>Information published.</p>
1.0
2026-02-28T01:03:06
<p>Information published.</p>
2.0
2026-03-02T14:37:48
<p>Information published.</p>
dmaengine: idxd: fix device leaks on compat bind and unbind
Mariner
Linux
Yes
CVE-2025-71163
Missing Release of Memory after Effective Lifetime
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
3.0
2026-03-03T15:03:00
<p>Information published.</p>
1.0
2026-02-28T01:03:17
<p>Information published.</p>
2.0
2026-03-02T14:37:53
<p>Information published.</p>
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
Mariner
Linux
Yes
CVE-2026-22976
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:03:22
<p>Information published.</p>
3.0
2026-03-03T15:03:23
<p>Information published.</p>
2.0
2026-03-02T14:37:58
<p>Information published.</p>
net: sock: fix hardened usercopy panic in sock_recv_errqueue
Mariner
Linux
Yes
CVE-2026-22977
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:03:28
<p>Information published.</p>
2.0
2026-03-02T14:38:03
<p>Information published.</p>
3.0
2026-03-03T15:03:44
<p>Information published.</p>
wifi: avoid kernel-infoleak from struct iw_point
Mariner
Linux
Yes
CVE-2026-22978
17087-17086
17087-17086
Low
17087-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:03:33
<p>Information published.</p>
3.0
2026-03-03T15:04:06
<p>Information published.</p>
2.0
2026-03-02T14:38:07
<p>Information published.</p>
libceph: return the handler error from mon_handle_auth_done()
Mariner
Linux
Yes
CVE-2026-22992
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:04:11
<p>Information published.</p>
2.0
2026-03-02T14:38:32
<p>Information published.</p>
3.0
2026-03-03T15:05:07
<p>Information published.</p>
net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
Mariner
Linux
Yes
CVE-2026-22996
NULL Pointer Dereference
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2026-02-28T01:04:17
<p>Information published.</p>
2.0
2026-03-02T14:38:37
<p>Information published.</p>
3.0
2026-03-03T14:36:04
<p>Information published.</p>
4.0
2026-03-31T14:38:48
<p>Information published.</p>
net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts
Mariner
Linux
Yes
CVE-2026-22997
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:04:22
<p>Information published.</p>
2.0
2026-03-02T14:38:42
<p>Information published.</p>
3.0
2026-03-03T14:36:29
<p>Information published.</p>
nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec
Mariner
Linux
Yes
CVE-2026-22998
NULL Pointer Dereference
17087-17086
20860-17084
17087-17086
20860-17084
Moderate
17087-17086
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
CBL-Mariner Releases
20860-17084
No
Security Update
6.6.126.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20860-17084
CBL-Mariner Releases
1.0
2026-02-28T01:04:30
<p>Information published.</p>
2.0
2026-03-02T14:38:47
<p>Information published.</p>
3.0
2026-03-03T14:36:56
<p>Information published.</p>
btrfs: always detect conflicting inodes when logging inode refs
Mariner
Linux
Yes
CVE-2025-71183
20925-17086
21093-17086
20925-17086
21093-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2026-03-27T01:02:59
<p>Information published.</p>
2.0
2026-03-31T14:53:36
<p>Information published.</p>
btrfs: fix NULL dereference on root when tracing inode eviction
Mariner
Linux
Yes
CVE-2025-71184
20925-17086
21093-17086
20925-17086
21093-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2026-03-27T01:03:05
<p>Information published.</p>
2.0
2026-03-31T14:54:00
<p>Information published.</p>
dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
Mariner
Linux
Yes
CVE-2026-23004
20925-17086
21093-17086
20925-17086
21093-17086
Moderate
20925-17086
Moderate
21093-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2026-03-27T01:03:10
<p>Information published.</p>
2.0
2026-03-31T14:54:23
<p>Information published.</p>
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
Mariner
Linux
Yes
CVE-2025-68764
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:16
<p>Information published.</p>
2.0
2026-01-08T14:43:25
<p>Information published.</p>
3.0
2026-01-20T14:45:07
<p>Information published.</p>
4.0
2026-02-18T02:50:46
<p>Information published.</p>
staging: most: remove broken i2c driver
Mariner
Linux
Yes
CVE-2025-68755
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:22
<p>Information published.</p>
3.0
2026-01-13T01:36:28
<p>Information published.</p>
4.0
2026-02-21T04:05:35
<p>Information published.</p>
2.0
2026-01-08T14:43:34
<p>Information published.</p>
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
Mariner
Linux
Yes
CVE-2025-68765
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:27
<p>Information published.</p>
2.0
2026-01-08T14:43:45
<p>Information published.</p>
3.0
2026-01-20T14:45:17
<p>Information published.</p>
4.0
2026-02-18T02:51:33
<p>Information published.</p>
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
Mariner
Linux
Yes
CVE-2025-68753
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
20725-17084
Important
20788-17084
Important
20823-17084
Important
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:32
<p>Information published.</p>
3.0
2026-01-08T14:43:55
<p>Information published.</p>
2.0
2026-01-08T01:40:44
<p>Information published.</p>
4.0
2026-02-21T04:06:54
<p>Information published.</p>
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Mariner
Linux
Yes
CVE-2025-68766
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Important
20725-17084
Important
20788-17084
Important
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20725-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:43
<p>Information published.</p>
3.0
2026-01-08T14:44:15
<p>Information published.</p>
4.0
2026-02-21T04:08:11
<p>Information published.</p>
2.0
2026-01-08T01:40:49
<p>Information published.</p>
drm/vgem-fence: Fix potential deadlock on release
Mariner
Linux
Yes
CVE-2025-68757
20725-17084
20788-17084
20823-17084
20725-17084
20788-17084
20823-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-06T01:01:54
<p>Information published.</p>
4.0
2026-02-18T02:53:29
<p>Information published.</p>
2.0
2026-01-08T14:44:35
<p>Information published.</p>
3.0
2026-01-20T14:45:38
<p>Information published.</p>
libtpms returns wrong initialization vector when certain symmetric ciphers are used
Mariner
GitHub_M
Yes
CVE-2026-21444
Use of a Broken or Risky Cryptographic Algorithm
19614-17084
19614-17084
Moderate
19614-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19614-17084
1.0
2026-01-07T01:01:25
<p>Information published.</p>
2.0
2026-01-13T01:37:01
<p>Information published.</p>
CVE-2025-13151
Mariner
certcc
Yes
CVE-2025-13151
19631-17084
20286-17086
20911-17084
20912-17086
20913-17086
17481-17084
19552-17086
20830-17084
19631-17084
20286-17086
20911-17084
20912-17086
20913-17086
17481-17084
19552-17086
20830-17084
Low
19631-17084
Low
20286-17086
Low
20911-17084
Low
20912-17086
Low
20913-17086
Low
17481-17084
Low
19552-17086
Low
20830-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19631-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20286-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20911-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20912-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20913-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
17481-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19552-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20830-17084
CBL-Mariner Releases
20286-17086
20913-17086
17481-17084
20830-17084
No
Security Update
4.19.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20286-17086
20913-17086
17481-17084
20830-17084
CBL-Mariner Releases
CBL-Mariner Releases
20911-17084
No
Security Update
3.8.3-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20911-17084
CBL-Mariner Releases
CBL-Mariner Releases
20912-17086
No
Security Update
3.7.11-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20912-17086
CBL-Mariner Releases
1.0
2026-01-09T01:08:14
<p>Information published.</p>
3.0
2026-01-12T14:36:38
<p>Information published.</p>
3.1
2026-01-13T01:39:19
<p>Information published.</p>
4.0
2026-01-20T01:38:00
<p>Information published.</p>
2.0
2026-01-11T01:05:03
<p>Information published.</p>
5.0
2026-01-20T14:46:03
<p>Information published.</p>
6.0
2026-02-19T01:11:53
<p>Information published.</p>
OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline()
Mariner
VulnCheck
Yes
CVE-2026-22185
Out-of-bounds Read
20806-17084
20806-17084
Important
20806-17084
1.0
2026-01-09T01:08:20
<p>Information published.</p>
zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()
Mariner
VulnCheck
Yes
CVE-2026-22184
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
20730-17084
20787-17084
18315-17084
20599-17086
17868-17086
17642-17084
19693-17084
20217-17086
19746-17084
18110-17084
19752-17086
20605-17086
19668-17086
18109-17084
20618-17084
19842-17084
20569-17084
19802-17086
20704-17086
20115-17086
17664-17084
20600-17086
20688-17086
20598-17086
20026-17086
19712-17086
20744-17084
20767-17084
17667-17084
18102-17086
18101-17086
20730-17084
20787-17084
18315-17084
20599-17086
17868-17086
17642-17084
19693-17084
20217-17086
19746-17084
18110-17084
19752-17086
20605-17086
19668-17086
18109-17084
20618-17084
19842-17084
20569-17084
19802-17086
20704-17086
20115-17086
17664-17084
20600-17086
20688-17086
20598-17086
20026-17086
19712-17086
20744-17084
20767-17084
17667-17084
18102-17086
18101-17086
Critical
20730-17084
Critical
20787-17084
Critical
18315-17084
Critical
20599-17086
Critical
17868-17086
Critical
17642-17084
Critical
19693-17084
Critical
20217-17086
Critical
19746-17084
Critical
18110-17084
Critical
19752-17086
Critical
20605-17086
Critical
19668-17086
Critical
18109-17084
Critical
20618-17084
Critical
19842-17084
Critical
20569-17084
Critical
19802-17086
Critical
20704-17086
Critical
20115-17086
Critical
17664-17084
Critical
20600-17086
Critical
20688-17086
Critical
20598-17086
Critical
20026-17086
Critical
19712-17086
Critical
20744-17084
Critical
20767-17084
Critical
17667-17084
Critical
18102-17086
Critical
18101-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20730-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20787-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18315-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20599-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17868-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17642-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19693-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20217-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19746-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18110-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19752-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20605-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19668-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18109-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20618-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19842-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20569-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19802-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20704-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20115-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17664-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20600-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20688-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20598-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20026-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19712-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20744-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20767-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17667-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18102-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18101-17086
1.0
2026-01-09T01:08:25
<p>Information published.</p>
2.0
2026-01-11T01:04:12
<p>Information published.</p>
3.0
2026-01-12T14:37:58
<p>Information published.</p>
No QUIC certificate pinning with GnuTLS
Mariner
curl
Yes
CVE-2025-13034
Improper Certificate Validation
20542-17086
20620-17084
20744-17084
20767-17084
20871-17086
20919-17084
20920-17086
20562-17084
20563-17084
20610-17086
20872-17084
20864-17084
20865-17084
20542-17086
20620-17084
20744-17084
20767-17084
20871-17086
20919-17084
20920-17086
20562-17084
20563-17084
20610-17086
20872-17084
20864-17084
20865-17084
Moderate
20542-17086
Moderate
20620-17084
Moderate
20744-17084
Moderate
20767-17084
Moderate
20871-17086
Moderate
20919-17084
Moderate
20920-17086
Moderate
20562-17084
Moderate
20563-17084
Moderate
20610-17086
Moderate
20872-17084
Moderate
20864-17084
Moderate
20865-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20542-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20620-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20744-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20767-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20871-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20919-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20920-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20562-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20563-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20610-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20872-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20864-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20865-17084
1.0
2026-01-09T01:08:30
<p>Information published.</p>
2.0
2026-01-10T01:01:11
<p>Information published.</p>
4.0
2026-01-12T14:39:27
<p>Information published.</p>
5.0
2026-01-13T01:39:44
<p>Information published.</p>
6.0
2026-02-21T04:14:52
<p>Information published.</p>
3.0
2026-01-11T01:04:53
<p>Information published.</p>
broken TLS options for threaded LDAPS
Mariner
curl
Yes
CVE-2025-14017
20562-17084
20542-17086
20744-17084
20605-17086
20767-17084
17667-17084
20872-17084
20919-17084
20920-17086
20879-17086
20865-17084
20563-17084
20692-17086
20620-17084
20610-17086
19668-17086
20869-17084
20870-17086
20871-17086
20864-17084
20827-17084
20562-17084
20542-17086
20744-17084
20605-17086
20767-17084
17667-17084
20872-17084
20919-17084
20920-17086
20879-17086
20865-17084
20563-17084
20692-17086
20620-17084
20610-17086
19668-17086
20869-17084
20870-17086
20871-17086
20864-17084
20827-17084
Moderate
20562-17084
Moderate
20542-17086
Moderate
20744-17084
Moderate
20605-17086
Moderate
20767-17084
Moderate
17667-17084
Moderate
20872-17084
Moderate
20919-17084
Moderate
20920-17086
Moderate
20879-17086
Moderate
20865-17084
Moderate
20563-17084
Moderate
20692-17086
Moderate
20620-17084
Moderate
20610-17086
Moderate
19668-17086
Moderate
20869-17084
Moderate
20870-17086
Moderate
20871-17086
Moderate
20864-17084
Moderate
20827-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20562-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20542-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20744-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20605-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20767-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17667-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20872-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20919-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20920-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20879-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20865-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20563-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20692-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20620-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20610-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19668-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20869-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20870-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20871-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20864-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20827-17084
CBL-Mariner Releases
20872-17084
20563-17084
No
Security Update
3.30.3-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20872-17084
20563-17084
CBL-Mariner Releases
CBL-Mariner Releases
20692-17086
20870-17086
No
Security Update
3.21.4-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20692-17086
20870-17086
CBL-Mariner Releases
CBL-Mariner Releases
20869-17084
No
Security Update
8.11.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20869-17084
CBL-Mariner Releases
CBL-Mariner Releases
20871-17086
No
Security Update
8.8.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20871-17086
CBL-Mariner Releases
2.0
2026-01-13T01:42:42
<p>Information published.</p>
3.0
2026-01-19T01:35:36
<p>Information published.</p>
4.0
2026-01-20T14:46:36
<p>Information published.</p>
6.0
2026-02-21T03:15:49
<p>Information published.</p>
1.0
2026-01-09T01:09:01
<p>Information published.</p>
5.0
2026-02-19T01:12:32
<p>Information published.</p>
libssh key passphrase bypass without agent set
Mariner
curl
Yes
CVE-2025-15224
Improper Authentication
20542-17086
20620-17084
20610-17086
20767-17084
20605-17086
17667-17084
20870-17086
20869-17084
20562-17084
20563-17084
20692-17086
20744-17084
19668-17086
20872-17084
20871-17086
20919-17084
20920-17086
20864-17084
20865-17084
20879-17086
20827-17084
20542-17086
20620-17084
20610-17086
20767-17084
20605-17086
17667-17084
20870-17086
20869-17084
20562-17084
20563-17084
20692-17086
20744-17084
19668-17086
20872-17084
20871-17086
20919-17084
20920-17086
20864-17084
20865-17084
20879-17086
20827-17084
Low
20542-17086
Low
20620-17084
Low
20610-17086
Low
20767-17084
Low
20605-17086
Low
17667-17084
Low
20870-17086
Low
20869-17084
Low
20562-17084
Low
20563-17084
Low
20692-17086
Low
20744-17084
Low
19668-17086
Low
20872-17084
Low
20871-17086
Low
20919-17084
Low
20920-17086
Low
20864-17084
Low
20865-17084
Low
20879-17086
Low
20827-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20542-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20620-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20610-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20767-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20605-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
17667-17084
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
20870-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20869-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20562-17084
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
20563-17084
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
20692-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20744-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
19668-17086
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
20872-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20871-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20919-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20920-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20864-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20865-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20879-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
20827-17084
1.0
2026-01-09T01:09:07
<p>Information published.</p>
2.0
2026-01-10T01:01:26
<p>Information published.</p>
3.0
2026-01-11T01:04:38
<p>Information published.</p>
5.0
2026-01-13T01:40:26
<p>Information published.</p>
4.0
2026-01-12T14:39:10
<p>Information published.</p>
6.0
2026-02-18T14:05:33
<p>Information published.</p>
7.0
2026-02-21T03:22:11
<p>Information published.</p>
8.0
2026-03-03T01:36:39
<p>Information published.</p>
bearer token leak on cross-protocol redirect
Mariner
curl
Yes
CVE-2025-14524
20563-17084
20870-17086
20919-17084
20562-17084
20542-17086
20692-17086
20610-17086
20605-17086
19668-17086
20620-17084
20744-17084
20767-17084
17667-17084
20872-17084
20869-17084
20871-17086
20920-17086
20879-17086
20864-17084
20865-17084
20827-17084
20974-17084
20563-17084
20870-17086
20919-17084
20562-17084
20542-17086
20692-17086
20610-17086
20605-17086
19668-17086
20620-17084
20744-17084
20767-17084
17667-17084
20872-17084
20869-17084
20871-17086
20920-17086
20879-17086
20864-17084
20865-17084
20827-17084
20974-17084
Moderate
20563-17084
Moderate
20870-17086
Moderate
20919-17084
Moderate
20562-17084
Moderate
20542-17086
Moderate
20692-17086
Moderate
20610-17086
Moderate
20605-17086
Moderate
19668-17086
Moderate
20620-17084
Moderate
20744-17084
Moderate
20767-17084
Moderate
17667-17084
Moderate
20872-17084
Moderate
20869-17084
Moderate
20871-17086
Moderate
20920-17086
Moderate
20879-17086
Moderate
20864-17084
Moderate
20865-17084
Moderate
20827-17084
Moderate
20974-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20563-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20870-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20919-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20562-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20542-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20692-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20610-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20605-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19668-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20620-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20744-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20767-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20872-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20869-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20871-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20920-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20879-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20864-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20865-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20827-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20974-17084
CBL-Mariner Releases
20870-17086
No
Security Update
3.21.4-22
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20870-17086
CBL-Mariner Releases
CBL-Mariner Releases
20872-17084
20974-17084
No
Security Update
3.30.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20872-17084
20974-17084
CBL-Mariner Releases
2.0
2026-01-11T01:01:16
<p>Information published.</p>
4.0
2026-01-13T01:40:36
<p>Information published.</p>
5.0
2026-02-18T14:07:49
<p>Information published.</p>
7.0
2026-03-04T14:47:10
<p>Information published.</p>
8.0
2026-03-10T01:38:55
<p>Information published.</p>
1.0
2026-01-09T01:09:12
<p>Information published.</p>
3.0
2026-01-13T01:02:39
<p>Information published.</p>
6.0
2026-02-21T03:27:56
<p>Information published.</p>
libssh global known_hosts override
Mariner
curl
Yes
CVE-2025-15079
Improper Validation of Certificate with Host Mismatch
20542-17086
20605-17086
20870-17086
20872-17084
20879-17086
20919-17084
20864-17084
20865-17084
20562-17084
20692-17086
20610-17086
20563-17084
19668-17086
20620-17084
20744-17084
20767-17084
17667-17084
20869-17084
20871-17086
20920-17086
20827-17084
20542-17086
20605-17086
20870-17086
20872-17084
20879-17086
20919-17084
20864-17084
20865-17084
20562-17084
20692-17086
20610-17086
20563-17084
19668-17086
20620-17084
20744-17084
20767-17084
17667-17084
20869-17084
20871-17086
20920-17086
20827-17084
Moderate
20542-17086
Moderate
20605-17086
Moderate
20870-17086
Moderate
20872-17084
Moderate
20879-17086
Moderate
20919-17084
Moderate
20864-17084
Moderate
20865-17084
Moderate
20562-17084
Moderate
20692-17086
Moderate
20610-17086
Moderate
20563-17084
Moderate
19668-17086
Moderate
20620-17084
Moderate
20744-17084
Moderate
20767-17084
Moderate
17667-17084
Moderate
20869-17084
Moderate
20871-17086
Moderate
20920-17086
Moderate
20827-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20542-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20605-17086
5.3
4.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U
20870-17086
5.3
4.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U
20872-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20879-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20919-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20864-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20865-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20562-17084
5.3
4.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U
20692-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20610-17086
5.3
4.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U
20563-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19668-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20620-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20744-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20767-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20869-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20871-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20920-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20827-17084
1.0
2026-01-09T01:09:17
<p>Information published.</p>
2.0
2026-01-10T01:01:21
<p>Information published.</p>
4.0
2026-01-13T01:40:46
<p>Information published.</p>
3.0
2026-01-13T01:02:13
<p>Information published.</p>
5.0
2026-02-18T14:07:08
<p>Information published.</p>
6.0
2026-02-21T03:33:13
<p>Information published.</p>
7.0
2026-03-03T01:36:49
<p>Information published.</p>
OpenSSL partial chain store policy bypass
Mariner
curl
Yes
CVE-2025-14819
Improper Certificate Validation
20562-17084
20542-17086
20620-17084
20610-17086
20744-17084
20767-17084
20605-17086
20869-17084
20879-17086
17667-17084
20871-17086
20919-17084
20920-17086
20864-17084
20865-17084
20827-17084
20562-17084
20542-17086
20620-17084
20610-17086
20744-17084
20767-17084
20605-17086
20869-17084
20879-17086
17667-17084
20871-17086
20919-17084
20920-17086
20864-17084
20865-17084
20827-17084
Moderate
20562-17084
Moderate
20542-17086
Moderate
20620-17084
Moderate
20610-17086
Moderate
20744-17084
Moderate
20767-17084
Moderate
20605-17086
Moderate
20869-17084
Moderate
20879-17086
Moderate
17667-17084
Moderate
20871-17086
Moderate
20919-17084
Moderate
20920-17086
Moderate
20864-17084
Moderate
20865-17084
Moderate
20827-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20562-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20542-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20620-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20610-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20744-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20767-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20605-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20869-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20879-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20871-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20919-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20920-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20864-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20865-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20827-17084
2.0
2026-01-10T01:01:16
<p>Information published.</p>
3.0
2026-01-11T01:05:37
<p>Information published.</p>
5.0
2026-01-13T01:41:17
<p>Information published.</p>
6.0
2026-02-21T03:37:04
<p>Information published.</p>
1.0
2026-01-09T01:09:22
<p>Information published.</p>
4.0
2026-01-12T14:39:20
<p>Information published.</p>
CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
Mariner
GitHub_M
Yes
CVE-2025-68151
Allocation of Resources Without Limits or Throttling
20811-17084
20914-17084
20915-17086
20759-17086
20811-17084
20914-17084
20915-17086
20759-17086
Moderate
20811-17084
Moderate
20914-17084
Moderate
20915-17086
Moderate
20759-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20811-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20914-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20915-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20759-17086
CBL-Mariner Releases
20914-17084
No
Security Update
1.11.4-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20914-17084
CBL-Mariner Releases
CBL-Mariner Releases
20915-17086
No
Security Update
1.11.1-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20915-17086
CBL-Mariner Releases
1.0
2026-01-10T01:03:14
<p>Information published.</p>
2.0
2026-01-11T01:05:08
<p>Information published.</p>
3.0
2026-01-13T01:43:24
<p>Information published.</p>
4.0
2026-02-19T01:14:17
<p>Information published.</p>
Wget2: arbitrary file write via metalink path traversal in gnu wget2
Mariner
fedora
Yes
CVE-2025-69194
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
20812-17084
20832-17084
20812-17084
20832-17084
Important
20812-17084
Important
20832-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20812-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20832-17084
CBL-Mariner Releases
20812-17084
20832-17084
No
Security Update
2.1.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20812-17084
20832-17084
CBL-Mariner Releases
1.0
2026-01-10T01:04:40
<p>Information published.</p>
3.0
2026-01-20T14:46:58
<p>Information published.</p>
2.0
2026-01-16T14:36:04
<p>Information published.</p>
Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls
Mariner
fedora
Yes
CVE-2025-69195
Stack-based Buffer Overflow
20812-17084
20832-17084
20812-17084
20832-17084
Important
20812-17084
Important
20832-17084
7.6
7.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
20812-17084
7.6
7.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
20832-17084
CBL-Mariner Releases
20812-17084
20832-17084
No
Security Update
2.1.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20812-17084
20832-17084
CBL-Mariner Releases
1.0
2026-01-10T01:04:45
<p>Information published.</p>
2.0
2026-01-16T14:36:11
<p>Information published.</p>
3.0
2026-01-20T14:47:11
<p>Information published.</p>
Werkzeug safe_join() allows Windows special device names with compound extensions
Mariner
GitHub_M
Yes
CVE-2026-21860
Improper Handling of Windows Device Names
19712-17086
19837-17086
17667-17084
20827-17084
19693-17084
17600-17084
19712-17086
19837-17086
17667-17084
20827-17084
19693-17084
17600-17084
Moderate
19712-17086
Moderate
19837-17086
Moderate
17667-17084
Moderate
20827-17084
Moderate
19693-17084
Moderate
17600-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19712-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19837-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20827-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19693-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17600-17084
2.0
2026-01-12T14:39:43
<p>Information published.</p>
1.0
2026-01-11T01:05:52
<p>Information published.</p>
3.0
2026-01-13T01:45:33
<p>Information published.</p>
4.0
2026-02-21T03:49:22
<p>Information published.</p>
virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Mariner
GitHub_M
Yes
CVE-2026-22702
Improper Link Resolution Before File Access ('Link Following')
21139-17086
20530-17086
17564-17084
21139-17086
20530-17086
17564-17084
Moderate
21139-17086
Moderate
20530-17086
Moderate
17564-17084
4.5
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
21139-17086
4.5
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
20530-17086
4.5
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
17564-17084
CBL-Mariner Releases
21139-17086
20530-17086
17564-17084
No
Security Update
20.36.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21139-17086
20530-17086
17564-17084
CBL-Mariner Releases
3.0
2026-02-21T03:51:39
<p>Information published.</p>
4.0
2026-03-31T15:09:02
<p>Information published.</p>
1.0
2026-01-13T01:02:58
<p>Information published.</p>
2.0
2026-02-18T14:08:28
<p>Information published.</p>
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)
Mariner
GitHub_M
Yes
CVE-2026-22695
Out-of-bounds Read
20816-17086
20815-17084
20816-17086
20815-17084
Moderate
20816-17086
Moderate
20815-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U
20816-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20815-17084
CBL-Mariner Releases
20816-17086
20815-17084
No
Security Update
1.6.54-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20816-17086
20815-17084
CBL-Mariner Releases
1.0
2026-01-14T01:03:31
<p>Information published.</p>
2.0
2026-01-21T14:36:38
<p>Information published.</p>
ublk: fix deadlock when reading partition table
Mariner
Linux
Yes
CVE-2025-68823
20823-17084
20860-17084
20788-17084
20823-17084
20860-17084
20788-17084
Critical
20823-17084
Critical
20860-17084
Critical
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20860-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
2.0
2026-01-20T14:48:54
<p>Information published.</p>
3.0
2026-01-21T01:42:33
<p>Information published.</p>
4.0
2026-02-21T03:58:26
<p>Information published.</p>
1.0
2026-01-15T01:01:16
<p>Information published.</p>
NFSD: NFSv4 file creation neglects setting ACL
Mariner
Linux
Yes
CVE-2025-68803
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:01:22
<p>Information published.</p>
3.0
2026-02-18T14:13:26
<p>Information published.</p>
2.0
2026-01-20T14:49:03
<p>Information published.</p>
net: stmmac: fix the crash issue for zero copy XDP_TX action
Mariner
Linux
Yes
CVE-2025-71095
20823-17084
20925-17086
21093-17086
20788-17084
20823-17084
20925-17086
21093-17086
20788-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:49:21
<p>Information published.</p>
4.0
2026-03-27T01:02:48
<p>Information published.</p>
5.0
2026-03-31T14:52:48
<p>Information published.</p>
1.0
2026-01-15T01:01:32
<p>Information published.</p>
3.0
2026-02-18T14:14:18
<p>Information published.</p>
f2fs: fix to avoid updating zero-sized extent in extent cache
Mariner
Linux
Yes
CVE-2025-68796
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20788-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:49:29
<p>Information published.</p>
3.0
2026-02-18T14:14:46
<p>Information published.</p>
1.0
2026-01-15T01:01:37
<p>Information published.</p>
powerpc/64s/slb: Fix SLB multihit issue during SLB preload
Mariner
Linux
Yes
CVE-2025-71078
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:49:38
<p>Information published.</p>
3.0
2026-02-18T14:42:54
<p>Information published.</p>
1.0
2026-01-15T01:01:43
<p>Information published.</p>
ksmbd: fix buffer validation by including null terminator size in EA length
Mariner
Linux
Yes
CVE-2025-68806
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:49:46
<p>Information published.</p>
3.0
2026-02-18T14:15:10
<p>Information published.</p>
1.0
2026-01-15T01:01:48
<p>Information published.</p>
hfsplus: Verify inode mode when loading from disk
Mariner
Linux
Yes
CVE-2025-68767
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:49:54
<p>Information published.</p>
3.0
2026-02-18T14:15:40
<p>Information published.</p>
1.0
2026-01-15T01:01:53
<p>Information published.</p>
usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
Mariner
Linux
Yes
CVE-2025-68781
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:03
<p>Information published.</p>
1.0
2026-01-15T01:01:59
<p>Information published.</p>
3.0
2026-01-21T01:43:19
<p>Information published.</p>
4.0
2026-02-21T04:02:38
<p>Information published.</p>
hwmon: (ibmpex) fix use-after-free in high/low store
Mariner
Linux
Yes
CVE-2025-68789
20788-17084
20823-17084
20788-17084
20823-17084
Critical
20788-17084
Critical
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:11
<p>Information published.</p>
3.0
2026-02-18T14:16:10
<p>Information published.</p>
1.0
2026-01-15T01:02:04
<p>Information published.</p>
caif: fix integer underflow in cffrml_receive()
Mariner
Linux
Yes
CVE-2025-68799
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.3
4.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U
20823-17084
5.3
4.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:28
<p>Information published.</p>
3.0
2026-02-18T14:43:30
<p>Information published.</p>
1.0
2026-01-15T01:02:15
<p>Information published.</p>
iommu: disable SVA when CONFIG_X86 is set
Mariner
Linux
Yes
CVE-2025-71089
20823-17084
20788-17084
17087-17086
20823-17084
20788-17084
17087-17086
Important
20823-17084
Important
20788-17084
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:36
<p>Information published.</p>
1.0
2026-01-15T01:02:21
<p>Information published.</p>
3.0
2026-02-18T14:17:17
<p>Information published.</p>
4.0
2026-02-28T01:02:33
<p>Information published.</p>
5.0
2026-03-03T01:39:11
<p>Information published.</p>
e1000: fix OOB in e1000_tbi_should_accept()
Mariner
Linux
Yes
CVE-2025-71093
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
20823-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:50:44
<p>Information published.</p>
1.0
2026-01-15T01:02:26
<p>Information published.</p>
3.0
2026-02-18T14:17:46
<p>Information published.</p>
net: openvswitch: fix middle attribute validation in push_nsh() action
Mariner
Linux
Yes
CVE-2025-68785
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-21T01:43:52
<p>Information published.</p>
1.0
2026-01-15T01:02:31
<p>Information published.</p>
3.0
2026-02-18T14:18:19
<p>Information published.</p>
net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write
Mariner
Linux
Yes
CVE-2025-71079
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:02:36
<p>Information published.</p>
2.0
2026-01-20T14:50:53
<p>Information published.</p>
3.0
2026-02-18T14:18:50
<p>Information published.</p>
Bluetooth: btusb: revert use of devm_kzalloc in btusb
Mariner
Linux
Yes
CVE-2025-71082
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:51:00
<p>Information published.</p>
1.0
2026-01-15T01:02:41
<p>Information published.</p>
3.0
2026-02-18T14:19:21
<p>Information published.</p>
media: vidtv: initialize local pointers upon transfer of memory ownership
Mariner
Linux
Yes
CVE-2025-68808
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:02:47
<p>Information published.</p>
2.0
2026-02-21T04:07:10
<p>Information published.</p>
btrfs: don't log conflicting inode if it's a dir moved in the current transaction
Mariner
Linux
Yes
CVE-2025-68778
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
20823-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:02:52
<p>Information published.</p>
2.0
2026-01-20T14:51:08
<p>Information published.</p>
3.0
2026-02-18T14:19:51
<p>Information published.</p>
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
Mariner
Linux
Yes
CVE-2025-71096
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
20823-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-21T01:44:05
<p>Information published.</p>
3.0
2026-02-18T14:20:22
<p>Information published.</p>
1.0
2026-01-15T01:02:57
<p>Information published.</p>
Input: lkkbd - disable pending work before freeing device
Mariner
Linux
Yes
CVE-2025-71073
20823-17084
20956-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20788-17084
20860-17084
21308-17084
20823-17084
20956-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20788-17084
20860-17084
21308-17084
Critical
20823-17084
Critical
20956-17084
Important
20925-17086
Critical
21094-17084
Important
21093-17086
Critical
21248-17084
Critical
21332-17084
Critical
20788-17084
Critical
20860-17084
Critical
21308-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21248-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21332-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20860-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21308-17084
4.0
2026-03-04T14:47:28
<p>Information published.</p>
5.0
2026-03-27T01:02:38
<p>Information published.</p>
1.0
2026-01-15T01:03:02
<p>Information published.</p>
2.0
2026-01-20T14:51:17
<p>Information published.</p>
3.0
2026-02-18T14:20:48
<p>Information published.</p>
6.0
2026-03-31T15:09:32
<p>Information published.</p>
7.0
2026-04-29T14:56:33
<p>Information published.</p>
8.0
2026-05-06T14:47:51
<p>Information published.</p>
9.0
2026-05-11T14:44:42
<p>Information published.</p>
perf/x86/amd: Check event before enable to avoid GPF
Mariner
Linux
Yes
CVE-2025-68798
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.8
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
20823-17084
5.8
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:51:25
<p>Information published.</p>
1.0
2026-01-15T01:03:08
<p>Information published.</p>
3.0
2026-02-18T14:21:19
<p>Information published.</p>
inet: frags: flush pending skbs in fqdir_pre_exit()
Mariner
Linux
Yes
CVE-2025-68768
20788-17084
20823-17084
21094-17084
21248-17084
21308-17084
20860-17084
20956-17084
21332-17084
20788-17084
20823-17084
21094-17084
21248-17084
21308-17084
20860-17084
20956-17084
21332-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
21094-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
2.0
2026-01-21T01:44:15
<p>Information published.</p>
3.0
2026-02-18T14:21:44
<p>Information published.</p>
4.0
2026-03-04T14:47:34
<p>Information published.</p>
6.0
2026-04-29T14:56:46
<p>Information published.</p>
7.0
2026-05-07T01:47:56
<p>Information published.</p>
1.0
2026-01-15T01:03:13
<p>Information published.</p>
5.0
2026-03-31T15:09:57
<p>Information published.</p>
8.0
2026-05-11T01:46:13
<p>Information published.</p>
scsi: target: Reset t_task_cdb pointer in error case
Mariner
Linux
Yes
CVE-2025-68782
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20823-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:51:33
<p>Information published.</p>
1.0
2026-01-15T01:03:18
<p>Information published.</p>
3.0
2026-02-18T14:22:19
<p>Information published.</p>
mlxsw: spectrum_router: Fix neighbour use-after-free
Mariner
Linux
Yes
CVE-2025-68801
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20823-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-02-18T14:22:51
<p>Information published.</p>
1.0
2026-01-15T01:03:24
<p>Information published.</p>
2.0
2026-01-20T14:51:42
<p>Information published.</p>
drm/ttm: Avoid NULL pointer deref for evicted BOs
Mariner
Linux
Yes
CVE-2025-71083
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:51:49
<p>Information published.</p>
3.0
2026-02-18T14:23:23
<p>Information published.</p>
1.0
2026-01-15T01:03:29
<p>Information published.</p>
ALSA: usb-mixer: us16x08: validate meter packet indices
Mariner
Linux
Yes
CVE-2025-68783
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
4.6
4.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.6
4.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:51:55
<p>Information published.</p>
3.0
2026-02-18T14:23:52
<p>Information published.</p>
1.0
2026-01-15T01:03:34
<p>Information published.</p>
svcrdma: bound check rq_pages index in inline path
Mariner
Linux
Yes
CVE-2025-71068
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:52:00
<p>Information published.</p>
1.0
2026-01-15T01:03:39
<p>Information published.</p>
3.0
2026-02-18T14:24:21
<p>Information published.</p>
mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
Mariner
Linux
Yes
CVE-2025-68800
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20823-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:03:45
<p>Information published.</p>
2.0
2026-01-21T01:44:31
<p>Information published.</p>
3.0
2026-02-18T14:24:48
<p>Information published.</p>
f2fs: fix to avoid potential deadlock
Mariner
Linux
Yes
CVE-2025-71065
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20823-17084
5.0
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:52:10
<p>Information published.</p>
3.0
2026-02-18T14:25:46
<p>Information published.</p>
1.0
2026-01-15T01:03:56
<p>Information published.</p>
netrom: Fix memory leak in nr_sendmsg()
Mariner
Linux
Yes
CVE-2025-68787
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:52:15
<p>Information published.</p>
1.0
2026-01-15T01:04:06
<p>Information published.</p>
3.0
2026-02-18T14:26:44
<p>Information published.</p>
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
Mariner
Linux
Yes
CVE-2025-71066
20823-17084
20788-17084
20823-17084
20788-17084
Critical
20823-17084
Critical
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-02-21T04:13:59
<p>Information published.</p>
1.0
2026-01-15T01:04:11
<p>Information published.</p>
f2fs: fix return value of f2fs_recover_fsync_data()
Mariner
Linux
Yes
CVE-2025-68769
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:52:20
<p>Information published.</p>
1.0
2026-01-15T01:04:17
<p>Information published.</p>
3.0
2026-02-18T14:27:17
<p>Information published.</p>
scsi: aic94xx: fix use-after-free in device removal path
Mariner
Linux
Yes
CVE-2025-71075
20788-17084
20823-17084
20788-17084
20823-17084
Important
20788-17084
Important
20823-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:35:46
<p>Information published.</p>
3.0
2026-02-18T14:27:49
<p>Information published.</p>
1.0
2026-01-15T01:04:22
<p>Information published.</p>
ntfs: set dummy blocksize to read boot_block when mounting
Mariner
Linux
Yes
CVE-2025-71067
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:04:27
<p>Information published.</p>
2.0
2026-02-21T04:15:26
<p>Information published.</p>
ipv4: Fix reference count leak when using error routes with nexthop objects
Mariner
Linux
Yes
CVE-2025-71097
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:04:33
<p>Information published.</p>
2.0
2026-01-20T14:35:56
<p>Information published.</p>
3.0
2026-02-18T14:28:17
<p>Information published.</p>
scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
Mariner
Linux
Yes
CVE-2025-68818
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:04:38
<p>Information published.</p>
2.0
2026-01-20T14:36:07
<p>Information published.</p>
3.0
2026-02-18T14:28:43
<p>Information published.</p>
ethtool: Avoid overflowing userspace buffer on stats query
Mariner
Linux
Yes
CVE-2025-68795
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-02-18T14:29:10
<p>Information published.</p>
1.0
2026-01-15T01:04:44
<p>Information published.</p>
2.0
2026-01-20T14:36:17
<p>Information published.</p>
spi: fsl-cpm: Check length parity before switching to 16 bit mode
Mariner
Linux
Yes
CVE-2025-68773
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-02-18T14:29:37
<p>Information published.</p>
1.0
2026-01-15T01:04:49
<p>Information published.</p>
2.0
2026-01-20T14:36:28
<p>Information published.</p>
RDMA/cm: Fix leaking the multicast GID table reference
Mariner
Linux
Yes
CVE-2025-71084
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:36:38
<p>Information published.</p>
3.0
2026-02-18T14:30:05
<p>Information published.</p>
1.0
2026-01-15T01:04:54
<p>Information published.</p>
shmem: fix recovery on rename failures
Mariner
Linux
Yes
CVE-2025-71072
20823-17084
20860-17084
20956-17084
21094-17084
20788-17084
21248-17084
21308-17084
21332-17084
20823-17084
20860-17084
20956-17084
21094-17084
20788-17084
21248-17084
21308-17084
21332-17084
Critical
20823-17084
Critical
20860-17084
Critical
20956-17084
Critical
21094-17084
Critical
20788-17084
Critical
21248-17084
Critical
21308-17084
Critical
21332-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20860-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20956-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21094-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21248-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21308-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21332-17084
3.0
2026-02-18T14:30:28
<p>Information published.</p>
5.0
2026-03-31T15:10:18
<p>Information published.</p>
6.0
2026-04-30T14:37:21
<p>Information published.</p>
8.0
2026-05-11T01:46:21
<p>Information published.</p>
1.0
2026-01-15T01:04:59
<p>Information published.</p>
2.0
2026-01-20T14:36:48
<p>Information published.</p>
4.0
2026-03-04T14:47:39
<p>Information published.</p>
7.0
2026-05-06T14:48:00
<p>Information published.</p>
ksmbd: vfs: fix race on m_flags in vfs_cache
Mariner
Linux
Yes
CVE-2025-68809
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:36:59
<p>Information published.</p>
1.0
2026-01-15T01:05:05
<p>Information published.</p>
3.0
2026-02-18T14:30:53
<p>Information published.</p>
net/sched: ets: Remove drr class from the active list if it changes to strict
Mariner
Linux
Yes
CVE-2025-68815
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20823-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:37:11
<p>Information published.</p>
1.0
2026-01-15T01:05:10
<p>Information published.</p>
3.0
2026-02-18T14:31:18
<p>Information published.</p>
media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
Mariner
Linux
Yes
CVE-2025-68819
20788-17084
20823-17084
20788-17084
20823-17084
Critical
20788-17084
Critical
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:37:32
<p>Information published.</p>
3.0
2026-01-21T01:36:46
<p>Information published.</p>
4.0
2026-02-21T04:18:59
<p>Information published.</p>
1.0
2026-01-15T01:05:21
<p>Information published.</p>
ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
Mariner
Linux
Yes
CVE-2025-68817
20823-17084
20788-17084
17087-17086
20823-17084
20788-17084
17087-17086
Important
20823-17084
Important
20788-17084
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:05:26
<p>Information published.</p>
2.0
2026-01-20T14:37:41
<p>Information published.</p>
4.0
2026-02-21T04:19:31
<p>Information published.</p>
3.0
2026-01-21T01:36:57
<p>Information published.</p>
5.0
2026-02-28T01:02:28
<p>Information published.</p>
6.0
2026-03-03T01:39:06
<p>Information published.</p>
tpm: Cap the number of PCR banks
Mariner
Linux
Yes
CVE-2025-71077
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:37:51
<p>Information published.</p>
3.0
2026-02-18T14:32:10
<p>Information published.</p>
1.0
2026-01-15T01:05:32
<p>Information published.</p>
net: hns3: using the num_tqps in the vf driver to apply for resources
Mariner
Linux
Yes
CVE-2025-71064
20823-17084
20788-17084
20823-17084
20788-17084
Critical
20823-17084
Critical
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:38:02
<p>Information published.</p>
3.0
2026-01-21T01:37:14
<p>Information published.</p>
4.0
2026-02-21T04:20:16
<p>Information published.</p>
1.0
2026-01-15T01:05:37
<p>Information published.</p>
hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
Mariner
Linux
Yes
CVE-2025-68774
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:38:12
<p>Information published.</p>
3.0
2026-02-18T14:32:35
<p>Information published.</p>
1.0
2026-01-15T01:05:42
<p>Information published.</p>
fsnotify: do not generate ACCESS/MODIFY events on child for special files
Mariner
Linux
Yes
CVE-2025-68788
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:38:23
<p>Information published.</p>
3.0
2026-02-18T14:32:59
<p>Information published.</p>
1.0
2026-01-15T01:05:48
<p>Information published.</p>
Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
Mariner
Linux
Yes
CVE-2025-68777
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:38:33
<p>Information published.</p>
3.0
2026-02-18T14:33:25
<p>Information published.</p>
1.0
2026-01-15T01:05:53
<p>Information published.</p>
mptcp: fallback earlier on simult connection
Mariner
Linux
Yes
CVE-2025-71088
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:05:58
<p>Information published.</p>
3.0
2026-02-18T14:33:51
<p>Information published.</p>
2.0
2026-01-20T14:38:44
<p>Information published.</p>
net/handshake: duplicate handshake cancellations leak socket
Mariner
Linux
Yes
CVE-2025-68775
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:38:53
<p>Information published.</p>
1.0
2026-01-15T01:06:04
<p>Information published.</p>
3.0
2026-02-18T14:34:17
<p>Information published.</p>
char: applicom: fix NULL pointer dereference in ac_ioctl
Mariner
Linux
Yes
CVE-2025-68797
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:39:03
<p>Information published.</p>
1.0
2026-01-15T01:06:09
<p>Information published.</p>
3.0
2026-02-18T14:34:42
<p>Information published.</p>
ASoC: stm32: sai: fix OF node leak on probe
Mariner
Linux
Yes
CVE-2025-71081
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:39:14
<p>Information published.</p>
3.0
2026-01-21T14:36:52
<p>Information published.</p>
4.0
2026-02-21T04:22:25
<p>Information published.</p>
1.0
2026-01-15T01:06:14
<p>Information published.</p>
ip6_gre: make ip6gre_header() robust
Mariner
Linux
Yes
CVE-2025-71098
20823-17084
20788-17084
20823-17084
20788-17084
Critical
20823-17084
Critical
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:39:25
<p>Information published.</p>
3.0
2026-02-18T14:35:08
<p>Information published.</p>
1.0
2026-01-15T01:06:20
<p>Information published.</p>
net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
Mariner
Linux
Yes
CVE-2025-68776
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-15T01:06:25
<p>Information published.</p>
2.0
2026-01-20T14:39:35
<p>Information published.</p>
3.0
2026-02-18T14:35:33
<p>Information published.</p>
team: fix check for port enabled in team_queue_override_port_prio_changed()
Mariner
Linux
Yes
CVE-2025-71091
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:39:45
<p>Information published.</p>
1.0
2026-01-15T01:06:30
<p>Information published.</p>
3.0
2026-02-18T14:35:57
<p>Information published.</p>
functionfs: fix the open/removal races
Mariner
Linux
Yes
CVE-2025-71074
20823-17084
20925-17086
21093-17086
20788-17084
20860-17084
20823-17084
20925-17086
21093-17086
20788-17084
20860-17084
Critical
20823-17084
Moderate
20925-17086
Moderate
21093-17086
Critical
20788-17084
Critical
20860-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20788-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20860-17084
1.0
2026-01-15T01:06:35
<p>Information published.</p>
2.0
2026-01-20T14:39:56
<p>Information published.</p>
3.0
2026-01-21T01:38:00
<p>Information published.</p>
4.0
2026-02-21T04:23:33
<p>Information published.</p>
5.0
2026-03-27T01:02:43
<p>Information published.</p>
6.0
2026-03-31T14:52:20
<p>Information published.</p>
net: usb: asix: validate PHY address before use
Mariner
Linux
Yes
CVE-2025-71094
20823-17084
20788-17084
20823-17084
20788-17084
Low
20823-17084
Low
20788-17084
1.8
1.8
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20823-17084
1.8
1.8
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:40:06
<p>Information published.</p>
3.0
2026-02-18T14:36:19
<p>Information published.</p>
1.0
2026-01-15T01:06:40
<p>Information published.</p>
f2fs: invalidate dentry cache on failed whiteout creation
Mariner
Linux
Yes
CVE-2025-71069
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:40:48
<p>Information published.</p>
3.0
2026-02-18T14:37:03
<p>Information published.</p>
1.0
2026-01-15T01:07:02
<p>Information published.</p>
platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
Mariner
Linux
Yes
CVE-2025-71101
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:40:58
<p>Information published.</p>
4.0
2026-02-21T04:25:15
<p>Information published.</p>
1.0
2026-01-15T01:07:07
<p>Information published.</p>
3.0
2026-01-21T14:36:59
<p>Information published.</p>
sched/deadline: only set free_cpus for online runqueues
Mariner
Linux
Yes
CVE-2025-68780
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:41:09
<p>Information published.</p>
1.0
2026-01-15T01:07:13
<p>Information published.</p>
3.0
2026-02-18T14:37:22
<p>Information published.</p>
media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
Mariner
Linux
Yes
CVE-2025-71136
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:41:41
<p>Information published.</p>
1.0
2026-01-16T01:01:32
<p>Information published.</p>
3.0
2026-02-18T14:38:41
<p>Information published.</p>
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
Mariner
Linux
Yes
CVE-2025-71111
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:03
<p>Information published.</p>
3.0
2026-02-18T14:39:13
<p>Information published.</p>
1.0
2026-01-16T01:01:42
<p>Information published.</p>
ACPICA: Avoid walking the Namespace if start_node is NULL
Mariner
Linux
Yes
CVE-2025-71118
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:15
<p>Information published.</p>
3.0
2026-02-18T14:39:35
<p>Information published.</p>
1.0
2026-01-16T01:01:48
<p>Information published.</p>
powerpc/kexec: Enable SMT before waking offline CPUs
Mariner
Linux
Yes
CVE-2025-71119
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:42:35
<p>Information published.</p>
3.0
2026-02-18T14:40:05
<p>Information published.</p>
1.0
2026-01-16T01:01:58
<p>Information published.</p>
wifi: mac80211: Discard Beacon frames to non-broadcast address
Mariner
Linux
Yes
CVE-2025-71127
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:44:09
<p>Information published.</p>
1.0
2026-01-16T01:02:52
<p>Information published.</p>
3.0
2026-02-18T14:44:12
<p>Information published.</p>
iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
Mariner
Linux
Yes
CVE-2025-71122
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:44:19
<p>Information published.</p>
3.0
2026-01-21T01:40:49
<p>Information published.</p>
4.0
2026-02-21T04:19:03
<p>Information published.</p>
1.0
2026-01-16T01:02:57
<p>Information published.</p>
drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
Mariner
Linux
Yes
CVE-2025-71130
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:44:40
<p>Information published.</p>
3.0
2026-02-18T14:44:46
<p>Information published.</p>
1.0
2026-01-16T01:03:07
<p>Information published.</p>
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
Mariner
Linux
Yes
CVE-2025-71113
20823-17084
20788-17084
20823-17084
20788-17084
Moderate
20823-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
3.0
2026-02-18T14:46:00
<p>Information published.</p>
1.0
2026-01-16T01:03:18
<p>Information published.</p>
2.0
2026-01-20T14:45:00
<p>Information published.</p>
drm/msm/dpu: Add missing NULL pointer check for pingpong interface
Mariner
Linux
Yes
CVE-2025-71138
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:45:10
<p>Information published.</p>
3.0
2026-02-18T14:46:38
<p>Information published.</p>
1.0
2026-01-16T01:03:23
<p>Information published.</p>
scs: fix a wrong parameter in __scs_magic
Mariner
Linux
Yes
CVE-2025-71102
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
1.0
2026-01-16T01:03:28
<p>Information published.</p>
2.0
2026-01-20T14:45:20
<p>Information published.</p>
3.0
2026-02-18T14:47:17
<p>Information published.</p>
f2fs: use global inline_xattr_slab instead of per-sb slab cache
Mariner
Linux
Yes
CVE-2025-71105
20823-17084
20788-17084
20823-17084
20788-17084
Important
20823-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20788-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:45:30
<p>Information published.</p>
3.0
2026-01-21T01:41:30
<p>Information published.</p>
4.0
2026-02-21T04:21:09
<p>Information published.</p>
1.0
2026-01-16T01:03:34
<p>Information published.</p>
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Mariner
Linux
Yes
CVE-2025-71107
20788-17084
20823-17084
20788-17084
20823-17084
Moderate
20788-17084
Moderate
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
2.0
2026-01-20T14:45:40
<p>Information published.</p>
3.0
2026-02-18T14:48:08
<p>Information published.</p>
1.0
2026-01-16T01:03:39
<p>Information published.</p>
Libsoup: out-of-bounds read in libsoup websocket frame processing
Mariner
redhat
Yes
CVE-2026-0716
Buffer Access with Incorrect Length Value
21112-17084
20801-17084
20601-17086
20933-17086
20958-17084
21112-17084
20801-17084
20601-17086
20933-17086
20958-17084
Moderate
21112-17084
Moderate
20801-17084
Moderate
20601-17086
Moderate
20933-17086
Moderate
20958-17084
4.8
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
21112-17084
4.8
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
20801-17084
4.8
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
20601-17086
4.8
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
20933-17086
4.8
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P
20958-17084
CBL-Mariner Releases
21112-17084
No
Security Update
3.4.4-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21112-17084
CBL-Mariner Releases
CBL-Mariner Releases
20601-17086
20933-17086
No
Security Update
3.0.4-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20601-17086
20933-17086
CBL-Mariner Releases
CBL-Mariner Releases
20958-17084
No
Security Update
3.4.4-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20958-17084
CBL-Mariner Releases
1.0
2026-01-17T01:01:34
<p>Information published.</p>
2.0
2026-02-18T14:50:43
<p>Information published.</p>
6.0
2026-03-31T15:10:42
<p>Information published.</p>
3.0
2026-03-03T14:53:45
<p>Information published.</p>
4.0
2026-03-04T14:35:29
<p>Information published.</p>
5.0
2026-03-25T01:36:26
<p>Information published.</p>
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
Mariner
mitre
Yes
CVE-2025-62291
Integer Underflow (Wrap or Wraparound)
20818-17084
18241-17086
20896-17084
20897-17086
20818-17084
18241-17086
20896-17084
20897-17086
Important
20818-17084
Important
18241-17086
Important
20896-17084
Important
20897-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20818-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18241-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20896-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20897-17086
CBL-Mariner Releases
20818-17084
20896-17084
No
Security Update
5.9.14-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20818-17084
20896-17084
CBL-Mariner Releases
CBL-Mariner Releases
18241-17086
20897-17086
No
Security Update
5.9.10-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18241-17086
20897-17086
CBL-Mariner Releases
2.0
2026-01-19T14:37:02
<p>Information published.</p>
3.0
2026-01-21T01:42:03
<p>Information published.</p>
4.0
2026-02-18T14:53:23
<p>Information published.</p>
1.0
2026-01-18T01:01:53
<p>Information published.</p>
Libxml2: libxml2: denial of service via crafted xml catalogs
Mariner
redhat
Yes
CVE-2026-0992
Uncontrolled Resource Consumption
20622-17084
20825-17084
20901-17086
20604-17086
20960-17084
20622-17084
20825-17084
20901-17086
20604-17086
20960-17084
Low
20622-17084
Low
20825-17084
Low
20901-17086
Low
20604-17086
Low
20960-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20622-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20825-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20901-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20604-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20960-17084
CBL-Mariner Releases
20825-17084
20960-17084
No
Security Update
2.11.5-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20825-17084
20960-17084
CBL-Mariner Releases
CBL-Mariner Releases
20901-17086
No
Security Update
2.10.4-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20901-17086
CBL-Mariner Releases
3.0
2026-01-20T14:48:38
<p>Information published.</p>
4.0
2026-02-18T15:00:26
<p>Information published.</p>
6.0
2026-03-04T14:35:49
<p>Information published.</p>
1.0
2026-01-19T01:01:37
<p>Information published.</p>
2.0
2026-01-19T14:39:14
<p>Information published.</p>
5.0
2026-02-23T14:35:52
<p>Information published.</p>
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
Mariner
glibc
Yes
CVE-2025-15281
Use of Uninitialized Resource
20817-17084
20895-17084
20817-17084
20895-17084
Moderate
20817-17084
Moderate
20895-17084
6.2
5.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20817-17084
6.2
5.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20895-17084
CBL-Mariner Releases
20895-17084
No
Security Update
2.38-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20895-17084
CBL-Mariner Releases
1.0
2026-01-21T01:03:05
<p>Information published.</p>
2.0
2026-02-18T15:01:17
<p>Information published.</p>
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Mariner
mitre
Yes
CVE-2025-24528
Integer Overflow or Wraparound
17812-17084
20384-17086
20903-17086
20902-17084
17812-17084
20384-17086
20903-17086
20902-17084
Moderate
17812-17084
Moderate
20384-17086
Moderate
20903-17086
Moderate
20902-17084
7.1
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U
17812-17084
7.1
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U
20384-17086
7.1
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U
20903-17086
7.1
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U
20902-17084
CBL-Mariner Releases
20903-17086
No
Security Update
1.19.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20903-17086
CBL-Mariner Releases
CBL-Mariner Releases
20902-17084
No
Security Update
1.21.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20902-17084
CBL-Mariner Releases
1.0
2026-01-21T01:04:46
<p>Information published.</p>
2.0
2026-02-18T15:03:11
<p>Information published.</p>
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
Mariner
mitre
Yes
CVE-2025-56226
Missing Release of Memory after Effective Lifetime
17592-17084
20369-17086
20887-17084
17592-17084
20369-17086
20887-17084
Moderate
17592-17084
Moderate
20369-17086
Moderate
20887-17084
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
17592-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20369-17086
5.3
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20887-17084
CBL-Mariner Releases
20887-17084
No
Security Update
1.2.2-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20887-17084
CBL-Mariner Releases
1.0
2026-01-21T01:05:00
<p>Information published.</p>
2.0
2026-02-18T15:03:32
<p>Information published.</p>
net/mlx5e: Fix crash on profile change rollback failure
Mariner
Linux
Yes
CVE-2026-23000
NULL Pointer Dereference
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2026-02-26T01:02:05
<p>Information published.</p>
2.0
2026-03-03T14:55:28
<p>Information published.</p>
3.0
2026-03-31T15:15:57
<p>Information published.</p>
ksmbd: Fix refcount leak when invalid session is found on session lookup
Mariner
Linux
Yes
CVE-2025-71150
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
3.0
2026-03-03T15:01:24
<p>Information published.</p>
4.0
2026-03-31T14:36:51
<p>Information published.</p>
1.0
2026-02-28T01:02:44
<p>Information published.</p>
2.0
2026-03-02T14:37:33
<p>Information published.</p>
dmaengine: tegra-adma: Fix use-after-free
Mariner
Linux
Yes
CVE-2025-71162
Use After Free
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2026-02-28T01:03:11
<p>Information published.</p>
2.0
2026-03-03T01:39:16
<p>Information published.</p>
net: fix memory leak in skb_segment_list for GRO packets
Mariner
Linux
Yes
CVE-2026-22979
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-02T14:38:12
<p>Information published.</p>
3.0
2026-03-03T15:04:19
<p>Information published.</p>
4.0
2026-03-31T14:38:26
<p>Information published.</p>
1.0
2026-02-28T01:03:39
<p>Information published.</p>
nfsd: provide locking for v4_end_grace
Mariner
Linux
Yes
CVE-2026-22980
Use After Free
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
2.0
2026-03-03T15:04:31
<p>Information published.</p>
1.0
2026-02-28T01:03:44
<p>Information published.</p>
net: mscc: ocelot: Fix crash when adding interface under a lag
Mariner
Linux
Yes
CVE-2026-22982
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
3.0
2026-03-03T15:04:40
<p>Information published.</p>
1.0
2026-02-28T01:03:50
<p>Information published.</p>
2.0
2026-03-02T14:38:17
<p>Information published.</p>
libceph: prevent potential out-of-bounds reads in handle_auth_done()
Mariner
Linux
Yes
CVE-2026-22984
17087-17086
17087-17086
Important
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:03:55
<p>Information published.</p>
2.0
2026-03-03T15:04:48
<p>Information published.</p>
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
Mariner
Linux
Yes
CVE-2026-22990
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
2.0
2026-03-02T14:38:22
<p>Information published.</p>
1.0
2026-02-28T01:04:00
<p>Information published.</p>
3.0
2026-03-03T15:04:54
<p>Information published.</p>
libceph: make free_choose_arg_map() resilient to partial allocation
Mariner
Linux
Yes
CVE-2026-22991
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
3.0
2026-03-03T15:05:01
<p>Information published.</p>
1.0
2026-02-28T01:04:06
<p>Information published.</p>
2.0
2026-03-02T14:38:27
<p>Information published.</p>
net/sched: sch_qfq: do not free existing class in qfq_change_class()
Mariner
Linux
Yes
CVE-2026-22999
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2026-02-28T01:04:35
<p>Information published.</p>
3.0
2026-03-03T14:37:23
<p>Information published.</p>
2.0
2026-03-02T14:38:52
<p>Information published.</p>
A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
Mariner
GovTech CSG
Yes
CVE-2026-24821
Out-of-bounds Read
20704-17086
20704-17086
Critical
20704-17086
1.0
2026-03-05T01:08:27
<p>Information published.</p>
2.0
2026-03-06T01:38:03
<p>Information published.</p>
lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Mariner
VulDB
Yes
CVE-2025-15504
NULL Pointer Dereference
21259-17084
21192-17084
21259-17084
21192-17084
Moderate
21259-17084
Moderate
21192-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
21259-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
21192-17084
2.0
2026-04-29T14:52:56
<p>Information published.</p>
1.0
2026-04-11T01:10:33
<p>Information published.</p>
3.0
2026-04-30T01:52:39
<p>Information published.</p>
Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability
<p>Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.</p>
Dynamic Root of Trust for Measurement (DRTM)
Microsoft
Yes
CVE-2026-20962
Use of Uninitialized Resource
20438
20437
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Information Disclosure
20438
Information Disclosure
20437
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
20438
Important
20437
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20438
20437
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20438
20437
5074109
5074109
https://support.microsoft.com/help/5074109
20438
20437
12389
12390
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Andrea Allievi
Hilal Asmat
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
<p>Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot.</p>
<p>The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.</p>
<table>
<thead>
<tr>
<th>Certificate Authority (CA)</th>
<th>Location</th>
<th>Purpose</th>
<th>Expiration Date</th>
</tr>
</thead>
<tbody>
<tr>
<td>Microsoft Corporation KEK CA 2011</td>
<td>KEK</td>
<td>Signs updates to the DB and DBX</td>
<td>06/24/2026</td>
</tr>
<tr>
<td>Microsoft Corporation UEFI CA 2011</td>
<td>DB</td>
<td>Signs 3rd party boot loaders, Option ROMs, etc.</td>
<td>06/27/2026</td>
</tr>
<tr>
<td>Microsoft Windows Production PCA 2011</td>
<td>DB</td>
<td>Signs the Windows Boot Manager</td>
<td>10/19/2026</td>
</tr>
</tbody>
</table>
<p>For more information see this CVE and <a href="https://aka.ms/GetSecureBoot">Windows Secure Boot certificate expiration and CA updates</a>.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>
<p><strong>Where can I find more information about Windows Secure Boot certificate expiration?</strong></p>
<p>To understand more about Windows Secure Boot and the importance of taking immediate action to renew your certificates see <a href="https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e">Windows Secure Boot certificate expiration and CA updates</a>.</p>
<p>See also the following links for the actions you need to take based on your Windows device:</p>
<ul>
<li><a href="https://support.microsoft.com/en-us/topic/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315">Windows devices for home users, businesses, and schools with Microsoft-managed updates</a></li>
<li><a href="https://support.microsoft.com/en-us/topic/windows-devices-with-it-managed-updates-e2b43f9f-b424-42df-bc6a-8476db65ab2f">Windows devices with IT-managed updates</a></li>
<li>Secure Boot FAQs can be found here: <a href="https://support.microsoft.com/en-us/topic/frequently-asked-questions-about-the-secure-boot-update-process-b34bf675-b03a-4d34-b689-98ec117c7818">Secure Boot FAQs</a></li>
</ul>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures.</p>
Windows Secure Boot
Microsoft
Yes
CVE-2026-21265
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
20437
Security Feature Bypass
20438
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.4
5.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Deployment Services Remote Code Execution Vulnerability
<p>Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.</p>
<p><strong>Are there additional steps I need to take to be protected from this vulnerability?</strong></p>
<p>Admins should take the following steps to be protected from CVE-2026-0386:</p>
<ol>
<li>Audit existing WDS usage and identify hands-free deployments.</li>
<li>Opt in for protection by configuring the registry settings described in: <a href="https://go.microsoft.com/fwlink/?linkid=2344403">Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance</a>. This will provide immediate protection.</li>
</ol>
<p>This security protection will be enabled by default in a future security update release and no additional administrator action will be required.</p>
<p><strong>How is Microsoft addressing this vulnerability?</strong></p>
<p>To address this vulnerability, by default the hands-free deployment feature will not be supported beginning with a security update in a future release in mid-2026.</p>
<p><strong>Why is the WDS Unattended Installation feature being deprecated?</strong></p>
<p>The legacy WDS workflow transmits unattend.xml over unauthenticated RPC, exposing sensitive credentials during PXE boot. This creates a security risk, including potential machine-in-the-middle (MITM) attacks. To strengthen security posture, Microsoft is enforcing authenticated RPC by default and removing the insecure workflow.</p>
<p><strong>Isn’t using WDS within a network-isolated environment sufficient to mitigate this vulnerability?</strong></p>
<p>Even in isolated networks, unauthenticated RPC introduces attack surfaces that can be exploited internally. Security best practices require eliminating unencrypted credential transmission and enforcing authenticated channels.</p>
<p><strong>What is the impact of this change?</strong></p>
<p>Hands-free deployments that rely on unauthenticated RPC will no longer work by default. Administrators can override this behavior via a registry key (See <a href="https://go.microsoft.com/fwlink/?linkid=2344403">Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance</a>, but this is not recommended for production environments.</p>
<p><strong>Are there any recommended alternative solutions?</strong></p>
<p>Please see <a href="https://learn.microsoft.com/en-us/windows/deployment/wds-boot-support#reason-for-the-change">Windows Deployment Services (WDS) boot.wim support</a> for alternate recommendations by Microsoft.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>An authenticated attacker could exploit this vulnerability with LAN access.</p>
Windows Deployment Services
Microsoft
Yes
CVE-2026-0386
Improper Access Control
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft Offensive Research and Security Engineering (MORSE) with Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft SQL Server Elevation of Privilege Vulnerability
<p>Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>
<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>
<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>
<ul>
<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>
<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>
</ul>
<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>
<table>
<thead>
<tr>
<th>Update Number</th>
<th>Release</th>
<th>Version</th>
<th>Apply if current product version is…</th>
<th>This security update also includes servicing releases up through…</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>5073177</strong></td>
<td>SQL Server 2025 RTM+GDR (January GDR)</td>
<td>17.0.1050.2</td>
<td>17.0.1000.7</td>
<td>N/A</td>
</tr>
<tr>
<td><strong>5072936</strong></td>
<td>SQL Server 2022 CU22+GDR (January GDR)</td>
<td>16.0.4230.2</td>
<td>16.0.4003.1 – 16.0.4225.2</td>
<td>KB5068450 – Previous SQL2022 RTM CU22</td>
</tr>
<tr>
<td><strong>5073031</strong></td>
<td>SQL Server 2022 RTM+GDR (January GDR)</td>
<td>16.0.1165.1</td>
<td>16.0.1000.6 – 16.0.1160.1</td>
<td>KB5068407 – Previous SQL2022 RTM GDR</td>
</tr>
</tbody>
</table>
<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>
<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>
<ul>
<li>GDR updates – cumulatively only contain security updates for the given baseline.</li>
<li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li>
</ul>
<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>
<ul>
<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>
<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>
<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>
</ul>
<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>
<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>
<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain debugging privileges including the ability to dump memory.</p>
SQL Server
Microsoft
Yes
CVE-2026-20803
Missing Authentication for Critical Function
12147
20748
20751
Elevation of Privilege
12147
Elevation of Privilege
20748
Elevation of Privilege
20751
Important
12147
Important
20748
Important
20751
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12147
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20748
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20751
5073031
https://www.microsoft.com/en-us/download/details.aspx?id=108527
5068407
12147
Maybe
Security Update
16.0.1165.1
https://support.microsoft.com/help/5073031
12147
5073031
5073177
https://www.microsoft.com/en-us/download/details.aspx?id=108528
20748
Maybe
Security Update
17.0.1050.2
https://support.microsoft.com/help/5073177
20748
5073177
5072936
https://www.microsoft.com/en-us/download/details.aspx?id=108526
5068450
20751
Maybe
Security Update
16.0.4230.2
https://support.microsoft.com/help/5072936
20751
5072936
Anonymous
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Admin Center Elevation of Privilege Vulnerability
<p>Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could gain local admin privileges on targeted WAC-managed machines within a tenant.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with local administrator privileges could exploit this vulnerability by sending a specially crafted HTTPS request to the targeted head node.</p>
<p><strong>How do I get the update for Windows Admin Center (WAC) in Azure?</strong></p>
<p>You can upgrade WAC in the Portal extension on your VM on Azure Portal by:</p>
<ul>
<li>Automatic upgrades: By default customers are onboarded to automatic upgrades where the latest version is auto-installed when it becomes available.</li>
<li>If the automatic upgrade is not installed you can get the update by going to the server on Azure Portal that you use, as follows:
<ul>
<li>In <strong>Settings + extensions</strong> see 'AdminCenter'. If an update is available use the <strong>Update</strong> button next to "Update available' to install the update for your WAC extension.</li>
</ul>
</li>
</ul>
<p>For more information see <a href="https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#update-windows-admin-center">Manage a Windows VM using Windows Admin Center in Azure</a></p>
Windows Admin Center
Microsoft
Yes
CVE-2026-20965
Improper Verification of Cryptographic Signature
12518
Elevation of Privilege
12518
Important
12518
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12518
Release Notes
12518
Maybe
Security Update
0.70.0.0
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
12518
Release Notes
<a href="https://www.linkedin.com/in/ben-zamir-401003237/">Ben Zamir</a> with <a href="https://cymulate.com/">Cymulate</a>
<a href="https://www.linkedin.com/in/ilan-kalendarov-4826741a0/">Ilan Kalenadrov</a> with <a href="https://cymulate.com/">Cymulate</a>
<a href="https://www.linkedin.com/in/elad-beber-a17946184/">Elad Beber</a> with <a href="https://cymulate.com/">Cymulate</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Hello Tampering Vulnerability
<p>Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.</p>
Windows Hello
Microsoft
Yes
CVE-2026-20804
Incorrect Privilege Assignment
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Tampering
11568
Tampering
11569
Tampering
11571
Tampering
11572
Tampering
11923
Tampering
11924
Tampering
11929
Tampering
11930
Tampering
11931
Tampering
12097
Tampering
12098
Tampering
12099
Tampering
12437
Tampering
20437
Tampering
20438
Tampering
12242
Tampering
12243
Tampering
12244
Tampering
12389
Tampering
12390
Tampering
12436
Tampering
10852
Tampering
10853
Tampering
10816
Tampering
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11568
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11569
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11571
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11572
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11923
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11924
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11929
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11930
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11931
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12097
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12098
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12099
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12437
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20437
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20438
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12242
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12243
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12244
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12389
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12390
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12436
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10852
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10853
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10816
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Desktop Window Manager Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a section address from a remote ALPC port which is user-mode memory.</p>
Desktop Window Manager
Microsoft
Yes
CVE-2026-20805
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft Threat Intelligence Center and Microsoft Security Response Center
Microsoft Threat Intelligence Center and Microsoft Security Response Center
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.1
2026-01-20T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
1.2
2026-01-23T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
1.3
2026-01-27T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Windows File Explorer Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.</p>
Printer Association Object
Microsoft
Yes
CVE-2026-20808
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
12437
20437
20438
12244
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Taewoo (Tae_ω02)
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kernel Memory Elevation of Privilege Vulnerability
<p>Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.</p>
Windows Kernel Memory
Microsoft
Yes
CVE-2026-20809
Time-of-check Time-of-use (TOCTOU) Race Condition
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-20810
Free of Memory not on the Heap
11568
11569
11571
11572
11929
11930
11931
12097
12098
12099
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Important
11568
Important
11569
Important
11571
Important
11572
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
haowei yan(jingdong dawnslab)
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - ICOMP
Microsoft
Yes
CVE-2026-20811
Access of Resource Using Incompatible Type ('Type Confusion')
Untrusted Pointer Dereference
11923
11924
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Daniil Romanovych
1.0
2026-01-13T08:00:00
<p>Information published.</p>
LDAP Tampering Vulnerability
<p>Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2026-20812
Improper Input Validation
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Tampering
11568
Tampering
11569
Tampering
11571
Tampering
11572
Tampering
11923
Tampering
11924
Tampering
11929
Tampering
11930
Tampering
11931
Tampering
12097
Tampering
12098
Tampering
12099
Tampering
12437
Tampering
20437
Tampering
20438
Tampering
12242
Tampering
12243
Tampering
12244
Tampering
12389
Tampering
12390
Tampering
12436
Tampering
10852
Tampering
10853
Tampering
10816
Tampering
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Active Directory team with Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
DirectX Graphics Kernel Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Graphics Kernel
Microsoft
Yes
CVE-2026-20814
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
cyanbamboo and b2ahex
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Capability Access Management Service (camsvc)
Microsoft
Yes
CVE-2026-20815
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
<p>Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Installer
Microsoft
Yes
CVE-2026-20816
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://infosec.exchange/@jagotu">JaGoTu</a> with <a href="https://www.dcit.cz/">DCIT, a.s.</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Error Reporting Service Elevation of Privilege Vulnerability
<p>Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Error Reporting
Microsoft
Yes
CVE-2026-20817
Improper Handling of Insufficient Permissions or Privileges
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Ruslan Sayfiev with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae</a>
Denis Faiustov with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kernel Information Disclosure Vulnerability
<p>Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p>
Windows Kernel
Microsoft
Yes
CVE-2026-20818
Insertion of Sensitive Information into Log File
11571
11572
11923
11924
12437
12244
12436
10816
10855
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
12437
Information Disclosure
12244
Information Disclosure
12436
Information Disclosure
10816
Information Disclosure
10855
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10816
10855
5073722
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.1
2026-01-20T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
<p>Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view Virtual Trust Level 1 (VTL1) data from Virtual Trust 0 (VTL0) which is the least privileged level.</p>
Windows Virtualization-Based Security (VBS) Enclave
Microsoft
Yes
CVE-2026-20819
Untrusted Pointer Dereference
20438
20437
12242
12243
12389
12390
Information Disclosure
20438
Information Disclosure
20437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12389
Information Disclosure
12390
Important
20438
Important
20437
Important
12242
Important
12243
Important
12389
Important
12390
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20438
20437
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20438
20437
5074109
5074109
https://support.microsoft.com/help/5074109
20438
20437
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Microsoft Offensive Research and Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2026-20820
Heap-based Buffer Overflow
11924
11568
11571
11923
11929
11930
11572
11569
11931
12437
12099
20438
20437
12097
12098
12242
12244
12243
12389
12390
12436
10853
10287
10855
10051
9318
10049
9344
10378
10852
10483
10816
9312
10379
10543
Elevation of Privilege
11924
Elevation of Privilege
11568
Elevation of Privilege
11571
Elevation of Privilege
11923
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11572
Elevation of Privilege
11569
Elevation of Privilege
11931
Elevation of Privilege
12437
Elevation of Privilege
12099
Elevation of Privilege
20438
Elevation of Privilege
20437
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12242
Elevation of Privilege
12244
Elevation of Privilege
12243
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10853
Elevation of Privilege
10287
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
9318
Elevation of Privilege
10049
Elevation of Privilege
9344
Elevation of Privilege
10378
Elevation of Privilege
10852
Elevation of Privilege
10483
Elevation of Privilege
10816
Elevation of Privilege
9312
Elevation of Privilege
10379
Elevation of Privilege
10543
Important
11924
Important
11568
Important
11571
Important
11923
Important
11929
Important
11930
Important
11572
Important
11569
Important
11931
Important
12437
Important
12099
Important
20438
Important
20437
Important
12097
Important
12098
Important
12242
Important
12244
Important
12243
Important
12389
Important
12390
Important
12436
Important
10853
Important
10287
Important
10855
Important
10051
Important
9318
Important
10049
Important
9344
Important
10378
Important
10852
Important
10483
Important
10816
Important
9312
Important
10379
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11924
11923
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11924
11923
5073457
5073457
https://support.microsoft.com/help/5073457
11924
11923
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11571
11572
11569
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11571
11572
11569
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11571
11572
11569
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12099
12097
12098
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12099
12097
12098
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12099
12097
12098
5073724
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20438
20437
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20438
20437
5074109
5074109
https://support.microsoft.com/help/5074109
20438
20437
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10853
10855
10852
10816
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10853
10855
10852
10816
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
10287
9318
9344
9312
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
10287
9318
9344
9312
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
10287
9318
9344
9312
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
10287
9318
9344
9312
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://x.com/x0rb1ts">0rb1t</a> with None
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Remote Procedure Call Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker.</p>
Windows Remote Procedure Call
Microsoft
Yes
CVE-2026-20821
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://www.cse-cst.gc.ca/">Communications Security Establishment</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Graphics Component Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In a GPU paravirtualization scenario, an attacker who successfully exploited this vulnerability could traverse the guest’s security boundary to gain access to the host environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2026-20822
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows File Explorer Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained ("sandboxed") execution environment.</p>
<p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows File Explorer
Microsoft
Yes
CVE-2026-20823
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Remote Assistance Security Feature Bypass Vulnerability
<p>Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could evade Mark of the Web (MOTW) defenses.</p>
Windows Remote Assistance
Microsoft
Yes
CVE-2026-20824
Protection Mechanism Failure
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
20437
Security Feature Bypass
20438
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Allan Hedegaard with <a href="https://www.gpv-group.com/">GPV Group A/S</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Hyper-V Information Disclosure Vulnerability
<p>Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary.</p>
Windows Hyper-V
Microsoft
Yes
CVE-2026-20825
Improper Access Control
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11931
12097
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Andrey Markovytch
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Tablet Windows User Interface (TWINUI) Subsystem
Microsoft
Yes
CVE-2026-20826
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>
Tablet Windows User Interface (TWINUI) Subsystem
Microsoft
Yes
CVE-2026-20827
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows rndismp6.sys Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2026-20828
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
B1aN
1.0
2026-01-13T08:00:00
<p>Information published.</p>
TPM Trustlet Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p>
Windows TPM
Microsoft
Yes
CVE-2026-20829
Out-of-bounds Read
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11931
12097
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-20831
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
<a href="https://x.com/dungnm_">dungnm</a> with <a href="https://x.com/vcslab">Viettel Cyber Security</a>
<a href="https://x.com/tacbliw">Lê Trần Hải Tùng</a> with <a href="https://x.com/vcslab">Viettel Cyber Security</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the "NT AUTHORITY\SYSTEM" account.</p>
Windows Remote Procedure Call Interface Definition Language (IDL)
Microsoft
Yes
CVE-2026-20832
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Pwnforr777
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kerberos Information Disclosure Vulnerability
<p>Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.</p>
<p><strong>Are there other steps that need to be done to protect from exploitation of this vulnerability?</strong></p>
<p>Yes, please see <a href="https://support.microsoft.com/en-us/topic/1ebcda33-720a-4da8-93c1-b0496e1910dc">How to manage Kerberos protocol changes related to CVE-2026-20833</a> for more information about how to protect from this vulnerability.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p>
Windows Kerberos
Microsoft
Yes
CVE-2026-20833
Use of a Broken or Risky Cryptographic Algorithm
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
12437
Information Disclosure
12244
Information Disclosure
12436
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Windows Authentication Platform team
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Spoofing Vulnerability
<p>Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.</p>
Windows Shell
Microsoft
Yes
CVE-2026-20834
Absolute Path Traversal
Exposure of Private Personal Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
20437
Spoofing
20438
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
4.6
4.0
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Nacl
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Capability Access Management Service (camsvc) Information Disclosure Vulnerability
<p>Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read the memory of the Capability Access Manager service.</p>
Capability Access Management Service (camsvc)
Microsoft
Yes
CVE-2026-20835
Out-of-bounds Read
12437
20437
20438
12244
12389
12390
12436
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
12437
Important
20437
Important
20438
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a>
<a href="https://linkedin.com/in/hwiwonlee">Hwiwon Lee (hwiwonl), SEC-agent team</a>
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
DirectX Graphics Kernel Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Graphics Kernel
Microsoft
Yes
CVE-2026-20836
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
cyanbamboo and b2ahex
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Windows Media
Microsoft
Yes
CVE-2026-20837
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://x.com/k3vinlusec">Kai Lu</a> with Palo Alto Networks
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kernel Information Disclosure Vulnerability
<p>Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p>
Windows Kernel
Microsoft
Yes
CVE-2026-20838
Generation of Error Message Containing Sensitive Information
11923
11924
12437
20437
20438
12242
12243
12244
12389
12390
12436
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11923
Important
11924
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability
<p>Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
Windows Client-Side Caching (CSC) Service
Microsoft
Yes
CVE-2026-20839
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft Offensive Research & Security Engineering
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows NTFS Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Windows NTFS
Microsoft
Yes
CVE-2026-20840
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://x.com/immortalp0ny">Sergey Tarasov</a> with <a href="https://global.ptsecurity.com/en/">Positive Technologies</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft DWM Core Library Elevation of Privilege Vulnerability
<p>Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM
Microsoft
Yes
CVE-2026-20842
Use After Free
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Varun Goel
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Clipboard Server Elevation of Privilege Vulnerability
<p>Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Clipboard Server
Microsoft
Yes
CVE-2026-20844
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability
<p>Microsoft is aware of vulnerabilities in the third party Agere Soft Modem drivers that ship natively with supported Windows operating systems. This is an announcement of the removal of agrsm64.sys and agrsm.sys drivers. The drivers have been removed in the January 2026 cumulative update.</p>
<p><strong>Soft modem hardware dependent on these specific drivers will no longer work on Windows.</strong></p>
<p>Microsoft recommends removing any existing dependencies on this hardware.</p>
<p>This vulnerability was documented in 2023 via a <a href="https://www.cve.org/CVERecord?id=CVE-2023-31096">CVE-2023-31096</a> issued by MITRE.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>Is the vulnerability only exploitable if the Agere <em>Soft</em> Modem is actively being used?</strong></p>
<p>No. All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used.</p>
Agere Windows Modem Driver
MITRE Corporation
Yes
CVE-2023-31096
Stack-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
20437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
20438
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://github.com/zeze-zeze">Zeze</a> with <a href="https://teamt5.org/tw/">TeamT5</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Windows File Explorer Spoofing Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.</p>
Windows Shell
Microsoft
Yes
CVE-2026-20847
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
20437
Spoofing
20438
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="http://linkedin.com/in/ruben-en">Ruben Enkaoua</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Capability Access Management Service (camsvc) Information Disclosure Vulnerability
<p>Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
Capability Access Management Service (camsvc)
Microsoft
Yes
CVE-2026-20851
Out-of-bounds Read
12437
20437
20438
12389
12390
12436
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Hello Tampering Vulnerability
<p>Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.</p>
Windows Hello
Microsoft
Yes
CVE-2026-20852
Incorrect Privilege Assignment
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Tampering
11568
Tampering
11569
Tampering
11571
Tampering
11572
Tampering
11923
Tampering
11924
Tampering
11929
Tampering
11930
Tampering
11931
Tampering
12097
Tampering
12098
Tampering
12099
Tampering
12437
Tampering
20437
Tampering
20438
Tampering
12242
Tampering
12243
Tampering
12244
Tampering
12389
Tampering
12390
Tampering
12436
Tampering
10852
Tampering
10853
Tampering
10816
Tampering
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11568
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11569
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11571
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11572
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11923
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11924
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11929
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11930
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11931
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12097
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12098
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12099
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12437
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20437
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20438
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12242
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12243
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12244
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12389
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12390
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12436
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10852
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10853
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10816
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
<p>Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
Windows Server Update Service
Microsoft
Yes
CVE-2026-20856
Improper Input Validation
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://github.com/chrisgward">Chris Ward</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.1
2026-01-15T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p>Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2026-20857
Untrusted Pointer Dereference
20437
20438
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
20437
Important
20438
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
haowei yan(jingdong dawnslab)
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20858
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11568
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11569
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11571
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11572
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11923
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11924
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11929
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11930
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
11931
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12097
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12098
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12099
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12437
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
20437
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
20438
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12242
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12243
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12244
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12389
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12390
7.8
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2026-20859
Use After Free
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
hazard
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-20860
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Connected Devices Platform Service (Cdpsvc)
Microsoft
Yes
CVE-2026-20864
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20865
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Local Session Manager (LSM)
Microsoft
Yes
CVE-2026-20869
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Jose Polo Bolano with <a href="https://www.microsoft.com/">Microsoft</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
<p>Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.</p>
Windows Local Security Authority Subsystem Service (LSASS)
Microsoft
Yes
CVE-2026-20875
NULL Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Ziran Lin with Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain Virtual Trust Level 2 (VTL2) privileges.</p>
Windows Virtualization-Based Security (VBS) Enclave
Microsoft
Yes
CVE-2026-20876
Heap-based Buffer Overflow
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Andrey Markovytch and Kas Dekel with Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20877
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20918
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a>
<a href="https://linkedin.com/in/hwiwonlee">Hwiwon Lee (develacker), SEC-agent team</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20919
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - ICOMP
Microsoft
Yes
CVE-2026-20920
Use After Free
11923
11924
12242
12243
12244
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Important
11923
Important
11924
Important
12242
Important
12243
Important
12244
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
Varun Goel
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20921
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows NTFS Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Windows NTFS
Microsoft
Yes
CVE-2026-20922
Heap-based Buffer Overflow
11924
11929
11572
11931
12437
12099
11923
20437
11930
20438
12244
11569
12243
12242
12389
12436
12390
12097
12098
11568
10051
11571
10379
10816
9312
9318
10378
10287
10543
9344
10049
10483
10852
10853
10855
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11572
Remote Code Execution
11931
Remote Code Execution
12437
Remote Code Execution
12099
Remote Code Execution
11923
Remote Code Execution
20437
Remote Code Execution
11930
Remote Code Execution
20438
Remote Code Execution
12244
Remote Code Execution
11569
Remote Code Execution
12243
Remote Code Execution
12242
Remote Code Execution
12389
Remote Code Execution
12436
Remote Code Execution
12390
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
11568
Remote Code Execution
10051
Remote Code Execution
11571
Remote Code Execution
10379
Remote Code Execution
10816
Remote Code Execution
9312
Remote Code Execution
9318
Remote Code Execution
10378
Remote Code Execution
10287
Remote Code Execution
10543
Remote Code Execution
9344
Remote Code Execution
10049
Remote Code Execution
10483
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10855
Important
11924
Important
11929
Important
11572
Important
11931
Important
12437
Important
12099
Important
11923
Important
20437
Important
11930
Important
20438
Important
12244
Important
11569
Important
12243
Important
12242
Important
12389
Important
12436
Important
12390
Important
12097
Important
12098
Important
11568
Important
10051
Important
11571
Important
10379
Important
10816
Important
9312
Important
9318
Important
10378
Important
10287
Important
10543
Important
9344
Important
10049
Important
10483
Important
10852
Important
10853
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11924
11923
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11924
11923
5073457
5073457
https://support.microsoft.com/help/5073457
11924
11923
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11931
11930
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11931
11930
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11931
12099
11930
12097
12098
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11572
11569
11568
11571
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11572
11569
11568
11571
5073723
5073723
https://support.microsoft.com/help/5073723
11572
11569
11568
11571
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12099
12097
12098
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12099
12097
12098
5073724
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12243
12242
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12243
12242
5073455
5073455
https://support.microsoft.com/help/5073455
12243
12242
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10379
10378
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10379
10378
5073698
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10816
10852
10853
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10816
10852
10853
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
9318
10287
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
9318
10287
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
9318
10287
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
9318
10287
9344
5073700
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10543
10483
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10543
10483
5073696
<a href="https://x.com/immortalp0ny">Sergey Tarasov</a> with <a href="https://global.ptsecurity.com/en/">Positive Technologies</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20923
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20924
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
NTLM Hash Disclosure Spoofing Vulnerability
<p>External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p>
Windows NTLM
Microsoft
Yes
CVE-2026-20925
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
20437
Spoofing
20438
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://www.linkedin.com/in/richard-medlin1/">Richard Medlin (BoDYRoTx)</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20926
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Denial of Service Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20927
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows File Explorer Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained ("sandboxed") execution environment.</p>
<p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows File Explorer
Microsoft
Yes
CVE-2026-20932
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20934
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
<p>Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain Virtual Trust Level 1 (VTL1) privileges.</p>
Windows Virtualization-Based Security (VBS) Enclave
Microsoft
Yes
CVE-2026-20938
Untrusted Pointer Dereference
20438
12389
12390
12242
12243
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
20437
Important
20438
Important
12389
Important
12390
Important
12242
Important
12243
Important
20437
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20438
20437
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20438
20437
5074109
5074109
https://support.microsoft.com/help/5074109
20438
12389
12390
20437
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2026-20940
Untrusted Pointer Dereference
12099
12242
12243
11572
11930
10816
12097
10852
10853
10287
9344
9312
10855
10051
9318
11931
12098
10543
10049
10483
10379
10378
11568
11569
11571
11923
11924
11929
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
11572
Elevation of Privilege
11930
Elevation of Privilege
10816
Elevation of Privilege
12097
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10287
Elevation of Privilege
9344
Elevation of Privilege
9312
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
9318
Elevation of Privilege
11931
Elevation of Privilege
12098
Elevation of Privilege
10543
Elevation of Privilege
10049
Elevation of Privilege
10483
Elevation of Privilege
10379
Elevation of Privilege
10378
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Important
12099
Important
12242
Important
12243
Important
11572
Important
11930
Important
10816
Important
12097
Important
10852
Important
10853
Important
10287
Important
9344
Important
9312
Important
10855
Important
10051
Important
9318
Important
11931
Important
12098
Important
10543
Important
10049
Important
10483
Important
10379
Important
10378
Important
11568
Important
11569
Important
11571
Important
11923
Important
11924
Important
11929
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12099
12097
12098
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12099
12097
12098
5073724
5073724
https://support.microsoft.com/help/5073724
12099
11930
12097
11931
12098
11929
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11572
11568
11569
11571
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11572
11568
11569
11571
5073723
5073723
https://support.microsoft.com/help/5073723
11572
11568
11569
11571
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11930
11931
11929
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11930
11931
11929
5073724
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10816
10852
10853
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10816
10852
10853
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
10287
9344
9312
9318
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
10287
9344
9312
9318
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
10287
9344
9312
9318
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
10287
9344
9312
9318
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10543
10483
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10543
10483
5073696
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10379
10378
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10379
10378
5073698
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
Vimal Sindh
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Office Click-To-Run Remote Code Execution Vulnerability
<p>Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>Are there additional steps I need to take to be protected from this vulnerability?</strong></p>
<p>Customers should download the latest Office Deployment Tool (ODT) and ensure that this version, or any newer version, is used for all future deployments to remain protected against CVE-2026-20943.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user would need to be tricked into opening a folder that contains a specially crafted file.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-20943
Untrusted Search Path
11585
10753
10754
10950
11961
20810
Remote Code Execution
11585
Remote Code Execution
10753
Remote Code Execution
10754
Remote Code Execution
10950
Remote Code Execution
11961
Remote Code Execution
20810
Important
11585
Important
10753
Important
10754
Important
10950
Important
11961
Important
20810
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20810
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002826
https://www.microsoft.com/en-us/download/details.aspx?id=108523
5002819
10753
10754
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002826
10753
10754
5002826
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
Release Notes
20810
Maybe
Security Update
16.0.19426.20170
https://www.microsoft.com/en-in/download/details.aspx?id=49117&msockid=35f9adb0e74b61392038b90de6fe608c
20810
Release Notes
Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc.
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.2
2026-01-20T08:00:00
<p>Updated FAQ information. This is an informational change only.</p>
1.1
2026-01-20T08:00:00
<p>Corrected CVE title. This is an informational change only.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-20944
Out-of-bounds Read
11762
11763
11951
12440
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
12440
Critical
11762
Critical
11763
Critical
11951
Critical
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Mose Nilsson
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20946
Out-of-bounds Read
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002831
https://www.microsoft.com/en-us/download/details.aspx?id=108521
5002820
10739
10740
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002831
10739
10740
5002831
wh1tc@Kunlun lab& devoke & Zhiniang Peng with HUST
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user must open or load attacker‑controlled content—such as importing a malicious WSDL or opening a file—so the application processes it and triggers the vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-20951
Improper Input Validation
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
<a href="https://twitter.com/chudypb">Piotr Bazydło (@chudypb)</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-20953
Use After Free
11574
11573
11763
11762
12420
11953
11952
11951
12421
12440
10753
10754
Remote Code Execution
11574
Remote Code Execution
11573
Remote Code Execution
11763
Remote Code Execution
11762
Remote Code Execution
12420
Remote Code Execution
11953
Remote Code Execution
11952
Remote Code Execution
11951
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11574
Critical
11573
Critical
11763
Critical
11762
Critical
12420
Critical
11953
Critical
11952
Critical
11951
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11574
11573
11763
11762
12420
11953
11952
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11574
11573
11763
11762
12420
11953
11952
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002826
https://www.microsoft.com/en-us/download/details.aspx?id=108523
5002819
10753
10754
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002826
10753
10754
5002826
wh1tc@Kunlun lab & devoke & Zhiniang Peng with HUST
wh1tc@Kunlun lab & devoke & Zhiniang Peng with HUST
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20955
Untrusted Pointer Dereference
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Critical
10836
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
5002824
https://www.microsoft.com/en-us/download/details.aspx?id=108522
5002817
10836
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002824
10836
5002824
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
<a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20956
Untrusted Pointer Dereference
11762
11763
11951
11952
11953
12420
12421
12440
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
<a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious link and convince the user to open it.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-20959
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
10950
11585
11961
Spoofing
10950
Spoofing
11585
Spoofing
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.6
4.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10950
4.6
4.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11585
4.6
4.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11961
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
<a href="https://ch.linkedin.com/in/martin-wrona-7746122b8">Martin Wrona (martin_jw)</a> with <a href="https://www.galaxus.ch/">Digitec Galaxus AG</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Capability Access Management Service (camsvc)
Microsoft
Yes
CVE-2026-20830
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
12437
12436
Elevation of Privilege
12437
Elevation of Privilege
12436
Important
12437
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.1
2026-01-20T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Capability Access Management Service (camsvc)
Microsoft
Yes
CVE-2026-21221
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
1.1
2026-01-20T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Azure Connected Machine Agent Elevation of Privilege Vulnerability
<p>Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker could trigger this vulnerability remotely by having valid permissions on the Azure Resource Manager (ARM) API to access the Azure Relay. In the worst case scenario, an attacker could locally trigger this vulnerability by running code as a lower-privileged user on the same computer that Azure Arc is running on (AV:L). When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.</p>
Azure Connected Machine Agent
Microsoft
Yes
CVE-2026-21224
Stack-based Buffer Overflow
12264
Elevation of Privilege
12264
Important
12264
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12264
Release Notes
https://gbl.his.arc.azure.com/azcmagent/1.60/AzureConnectedMachineAgent.msi
12264
No
Windows Update
1.60.03293.2680
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
12264
Release Notes
Release Notes
https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#install-a-specific-version-of-the-agent
12264
No
Linux Update
1.60.03293.809
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
12264
Release Notes
<a href="https://www.linkedin.com/in/amir-gombo-39771b25a/">Amir Gombo</a> with Microsoft
Yonatan Migdal with Microsoft
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-20947
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002827
https://www.microsoft.com/en-us/download/details.aspx?id=108519
5002804
10950
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002827
10950
5002827
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002823
https://www.microsoft.com/en-us/download/details.aspx?id=108520
5002802
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002823
11585
5002823
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
41ae55e9310ff27fa6f26af4727e5590
1.0
2026-01-13T08:00:00
<p>Information published.</p>
PowerApps Desktop Client Remote Code Execution Vulnerability
<p>Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong> This attack requires a user to open a specially crafted shared app from the attacker to initiate remote code execution.</p>
Microsoft Power Apps
Microsoft
Yes
CVE-2026-20960
Improper Authorization
16748
Remote Code Execution
16748
Important
16748
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16748
Release Notes
https://learn.microsoft.com/en-us/power-apps/mobile/windows-app-install
16748
No
Security Update
25121
https://learn.microsoft.com/en-us/power-platform/released-versions/powerapps-studio-players/3.25121
16748
Release Notes
<a href="https://www.linkedin.com/in/alasdair-gorniak/">Alasdair Gorniak</a> and Tobias Diehl
<a href="https://www.linkedin.com/in/alasdair-gorniak/">Alasdair Gorniak</a> and Tobias Diehl
1.0
2026-01-16T08:00:00
<p>Information published.</p>
2.0
2026-01-29T08:00:00
<p>Corrected Download links in the Security Updates table. This is an informational change only.</p>
Chromium: CVE-2026-0907 Incorrect security UI in Split View
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0907
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:25
<p>Information published.</p>
Chromium: CVE-2026-0906 Incorrect security UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0906
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:24
<p>Information published.</p>
Chromium: CVE-2026-0905 Insufficient policy enforcement in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0905
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:24
<p>Information published.</p>
Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0904
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:23
<p>Information published.</p>
Chromium: CVE-2026-0903 Insufficient validation of untrusted input in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0903
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:22
<p>Information published.</p>
Chromium: CVE-2026-0901 Inappropriate implementation in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0901
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:20
<p>Information published.</p>
Chromium: CVE-2026-0899 Out of bounds memory access in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0899
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:16
<p>Information published.</p>
Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.104</td>
<td>01/29/2026</td>
<td>144.0.7559.109/.110</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-1504
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.104
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-30T03:20:43
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
<p>Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2026-20843
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://twitter.com/ezrak1e">Ezrakie</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows SMB Server Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows SMB Server
Microsoft
Yes
CVE-2026-20848
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Microsoft
1.1
2026-01-20T08:00:00
<p>Updated the build numbers. This is an informational update only.</p>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Kerberos Elevation of Privilege Vulnerability
<p>Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>A high attack complexity means the attacker must be able to perform a precise machine‑in‑the‑middle modification of Kerberos traffic, which requires specific network positioning and conditions to succeed.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kerberos
Microsoft
Yes
CVE-2026-20849
Reliance on Untrusted Inputs in a Security Decision
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Naveen
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows WalletService Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.</p>
Windows WalletService
Microsoft
Yes
CVE-2026-20853
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11929
11930
11931
12097
12098
12099
20437
20438
12242
12243
12389
12390
10852
10853
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
10852
Elevation of Privilege
10853
Important
11568
Important
11569
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
20437
Important
20438
Important
12242
Important
12243
Important
12389
Important
12390
Important
10852
Important
10853
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
5073722
<a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
<p>Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with the ability to modify certain directory attributes could provide crafted data that causes the system to reference invalid memory during authentication, potentially leading to a crash or other unintended behavior.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
Windows Local Security Authority Subsystem Service (LSASS)
Microsoft
Yes
CVE-2026-20854
Use After Free
12437
20437
20438
12389
12390
12436
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Critical
12437
Critical
20437
Critical
20438
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Howard McGreehan with MSRC V&M
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
<p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Inbox COM Objects
Microsoft
Yes
CVE-2026-21219
Use After Free
16764
Remote Code Execution
16764
Important
16764
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16764
Release Notes
https://learn.microsoft.com/en-us/windows/apps/windows-sdk/downloads
16764
Maybe
Security Update
10.0.26100.7463
https://learn.microsoft.com/en-us/windows/apps/windows-sdk/release-notes
16764
Release Notes
Zhiniang Peng with HUST & R4nger with CyberKunLun
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20861
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of process memory.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20862
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - ICOMP
Microsoft
Yes
CVE-2026-20863
Double Free
11923
11924
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20866
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20867
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2026-20868
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - ICOMP
Microsoft
Yes
CVE-2026-20870
Use After Free
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Desktop Window Manager Elevation of Privilege Vulnerability
<p>Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Desktop Window Manager
Microsoft
Yes
CVE-2026-20871
Use After Free
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous working with Trend Zero Day Initiative
1.0
2026-01-13T08:00:00
<p>Information published.</p>
NTLM Hash Disclosure Spoofing Vulnerability
<p>External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p>
Windows NTLM
Microsoft
Yes
CVE-2026-20872
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
20437
Spoofing
20438
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://www.linkedin.com/in/saumyajeetdas/">Saumyajeet Das</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20873
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Management Services Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Management Services
Microsoft
Yes
CVE-2026-20874
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability
<p>Microsoft is aware of vulnerabilities in the third party Motorola Soft Modem drivers that ships natively with supported Windows operating systems.</p>
<p>This is an announcement of the upcoming removal of smserl64.sys and smserial.sys drivers. The drivers have been removed in the January cumulative update.</p>
<p><strong>Soft modem hardware dependent on these specific drivers will no longer work on Windows.</strong></p>
<p>Microsoft recommends removing any existing dependencies on this hardware.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Motorola Soft Modem Driver
MITRE Corporation
Yes
CVE-2024-55414
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://twitter.com/keyz3r0">k0shl</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows HTTP.sys Elevation of Privilege Vulnerability
<p>Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The Attack requires an Service Principal Name (SPN) that is registered to an account that no longer exists or is not in use, to be on the target machine.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows HTTP.sys
Microsoft
Yes
CVE-2026-20929
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12242
12243
12244
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
<a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a>
<a href="https://www.linkedin.com/in/ben-zamir-401003237">Ben Zamir</a> with Cymulate
Howard McGreehan with MSRC V&M
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Telephony Service Elevation of Privilege Vulnerability
<p>External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with a low‑privileged domain account could remotely send crafted RPC requests to the Telephony service, causing it to write attacker‑controlled data into files on the server. By overwriting Telephony’s configuration file, the attacker can make themselves a Telephony administrator and trigger the service to load a malicious DLL, resulting in remote code execution under a privileged service account.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires that an attacker needs to be in the same restricted Active Directory domain as the target system. The attack surface is not reachable from broader networks, which is why the attack vector is considered adjacent (AV:A).</p>
Windows Telephony Service
Microsoft
Yes
CVE-2026-20931
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
Sergey Bliznyuk with Positive Technologies
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
<p>Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view Virtual Trust Level 1 (VTL1) data from Virtual Trust 0 (VTL0) which is the least privileged level.</p>
Windows Virtualization-Based Security (VBS) Enclave
Microsoft
Yes
CVE-2026-20935
Untrusted Pointer Dereference
20437
20438
12242
12243
12389
12390
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12389
Information Disclosure
12390
Important
20437
Important
20438
Important
12242
Important
12243
Important
12389
Important
12390
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows NDIS Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>
Windows NDIS
Microsoft
Yes
CVE-2026-20936
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
5073697
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073697
5071504
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23717
https://support.microsoft.com/help/5073697
9312
10287
9318
9344
5073697
5073700
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073700
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23717
https://support.microsoft.com/help/5073700
9312
10287
9318
9344
5073700
5073695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073695
5071501
10051
10049
Yes
Monthly Rollup
6.1.7601.28117
https://support.microsoft.com/help/5073695
10051
10049
5073695
5073699
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073699
10051
10049
Yes
Security Only
6.1.7601.28117
https://support.microsoft.com/help/5073699
10051
10049
5073699
5073698
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073698
5071505
10378
10379
Yes
Monthly Rollup
6.2.9200.25868
https://support.microsoft.com/help/5073698
10378
10379
5073698
5073696
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073696
5071503
10483
10543
Yes
Monthly Rollup
6.3.9600.22968
https://support.microsoft.com/help/5073696
10483
10543
5073696
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows File Explorer Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained ("sandboxed") execution environment.</p>
<p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows File Explorer
Microsoft
Yes
CVE-2026-20937
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Windows File Explorer Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>
Windows File Explorer
Microsoft
Yes
CVE-2026-20939
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5073723
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723
5071544
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8276
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073723
5073723
https://support.microsoft.com/help/5073723
11568
11569
11571
11572
5073457
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457
5071547
11923
11924
Yes
Security Update
10.0.20348.4648
https://support.microsoft.com/help/5073457
11923
11924
5073457
5073457
https://support.microsoft.com/help/5073457
11923
11924
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
11929
11930
11931
Yes
Security Update
10.0.19044.6809
https://support.microsoft.com/help/5073724
11929
11930
11931
5073724
5073724
https://support.microsoft.com/help/5073724
11929
11930
11931
12097
12098
12099
5073724
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724
5071546
12097
12098
12099
Yes
Security Update
10.0.19045.6809
https://support.microsoft.com/help/5073724
12097
12098
12099
5073724
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5073455
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455
5071417
12242
12243
Yes
Security Update
10.0.22631.6491
https://support.microsoft.com/help/5073455
12242
12243
5073455
5073455
https://support.microsoft.com/help/5073455
12242
12243
5073450
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450
5071542
12244
Yes
Security Update
10.0.25398.2092
https://support.microsoft.com/help/5073450
12244
5073450
5073450
https://support.microsoft.com/help/5073450
12244
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
5073722
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722
5071543
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8783
https://support.microsoft.com/help/5073722
10852
10853
10816
10855
5073722
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-20948
Untrusted Pointer Dereference
10950
11585
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Important
10950
Important
11585
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002827
https://www.microsoft.com/en-us/download/details.aspx?id=108519
5002804
10950
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002827
10950
5002827
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002823
https://www.microsoft.com/en-us/download/details.aspx?id=108520
5002802
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002823
11585
5002823
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002829
https://www.microsoft.com/en-us/download/details.aspx?id=108524
5002789
10746
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002829
10746
5002829
5002829
https://www.microsoft.com/en-us/download/details.aspx?id=108524
5002806
10747
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002829
10747
5002829
wh1tc@Kunlun lab& devoke & Zhiniang Peng with HUST
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Security Feature Bypass Vulnerability
<p>Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>The security feature bypassed is the macro security controls, specifically the setting that disables XL4 macros (Excel 4.0 macros).</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user must open the malicious workbook, enable editing, and then click the attacker‑supplied Quick Access Toolbar (QAT) button, which triggers the XL4 macro despite Trust Center protections.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20949
Improper Access Control
11762
11763
11951
11952
11953
12420
12421
12440
Security Feature Bypass
11762
Security Feature Bypass
11763
Security Feature Bypass
11951
Security Feature Bypass
11952
Security Feature Bypass
11953
Security Feature Bypass
12420
Security Feature Bypass
12421
Security Feature Bypass
12440
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20950
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002824
https://www.microsoft.com/en-us/download/details.aspx?id=108522
5002817
10836
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002824
10836
5002824
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002831
https://www.microsoft.com/en-us/download/details.aspx?id=108521
5002820
10739
10740
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002831
10739
10740
5002831
<a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p>
Microsoft Office
Microsoft
Yes
CVE-2026-20952
Use After Free
11574
11573
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11574
Remote Code Execution
11573
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11574
Critical
11573
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11574
11573
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11574
11573
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002826
https://www.microsoft.com/en-us/download/details.aspx?id=108523
5002819
10753
10754
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002826
10753
10754
5002826
Anonymous
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-20957
Integer Underflow (Wrap or Wraparound)
Heap-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Critical
10836
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10739
Critical
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002824
https://www.microsoft.com/en-us/download/details.aspx?id=108522
5002817
10836
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002824
10836
5002824
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.105.26011018
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002831
https://www.microsoft.com/en-us/download/details.aspx?id=108521
5002820
10739
10740
Maybe
Security Update
16.0.5535.1000
https://support.microsoft.com/help/5002831
10739
10740
5002831
<a href="https://www.linkedin.com/in/boolgombear/">Minjea Park & "Jmini"</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Microsoft SharePoint Information Disclosure Vulnerability
<p>Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed through this issue?</strong></p>
<p>The vulnerability may allow limited exposure of data returned from outbound requests SharePoint makes on the attacker’s behalf, such as external HTTP responses or basic network metadata, but not internal network content or sensitive server information.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-20958
Server-Side Request Forgery (SSRF)
10950
11585
11961
Information Disclosure
10950
Information Disclosure
11585
Information Disclosure
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10950
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11585
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11961
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
<a href="https://telefonica.com/">Telefónica Ninja Team</a>
<a href="https://telefonica.com/">Telefónica Ninja Team</a>
1.1
2026-01-14T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Host Process for Windows Tasks Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Host Process for Windows Tasks
Microsoft
Yes
CVE-2026-20941
Improper Link Resolution Before File Access ('Link Following')
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5073379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
5072033
12437
12436
Yes
Security Update
10.0.26100.32230
https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
12437
12436
5073379
5073379
https://support.microsoft.com/help/5073379
12437
12436
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
20437
20438
Yes
Security Update
10.0.26200.7623
https://support.microsoft.com/help/5074109
20437
20438
5074109
5074109
https://support.microsoft.com/help/5074109
20437
20438
12389
12390
5074109
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109
5072033
12389
12390
Yes
Security Update
10.0.26100.7623
https://support.microsoft.com/help/5074109
12389
12390
5074109
<p>The following workaround might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible:</p>
<p>Customers running Windows Server 2025 who have Desktop Experience installed are affected by this vulnerability. To protect yourself you can disable the following task in Task Scheduler:</p>
<p>\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration</p>
<p>You should reenable the task once you have installed the fix.</p>
<p><strong>Important</strong>: Do NOT undo the workaround until after you have installed the update.</p>
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
Nacl
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Azure Core shared client library for Python Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L) but the attack occurs remotely. What does that mean for this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would be required change a valid token to be malicious to the service/app which would require developer-type authorization.</p>
Azure Core shared client library for Python
Microsoft
Yes
CVE-2026-21226
Deserialization of Untrusted Data
20805
Remote Code Execution
20805
Important
20805
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20805
Change Log
https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/core/azure-core/CHANGELOG.md#1380-2026-01-08
20805
Maybe
Security Update
1.38.0
https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/core/azure-core/CHANGELOG.md#1380-2026-01-08
20805
Change Log
<a href="https://funscoietyxboyz.github.io/0xboyz/">Muhammad Fadilullah Dzaki</a>
1.0
2026-01-13T08:00:00
<p>Information published.</p>
Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>143.0.3650.139</td>
<td>01/08/2026</td>
<td>143.0.7499.192/.193</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0628
11655
11655
11655
Release Notes
11655
No
Security Update
143.0.3650.139
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-09T08:00:09
<p>Information published.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p>Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An authenticated local attacker can disable or enable Windows VBS without administrative privileges, resulting in bypass of platform security hardening. This does not grant direct code execution as another user but weakens system security guarantees, enabling follow‑on attacks.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and integrity (I:H). What does that mean for this vulnerability?</strong></p>
<p>Virtualization-Based Security (VBS) safeguards credentials by isolating them within a secure environment. Disabling VBS reduces this isolation, compromising both confidentiality and integrity. It also weakens essential platform protections such as Credential Guard, Hypervisor-Protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-21223
Improper Privilege Management
11655
11655
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.linkedin.com/in/alex-bernier-8a0515aa/">Alex Bernier</a> with <a href="https://crowdstrike.com/">CrowdStrike</a>
1.0
2026-01-16T08:00:00
<p>Information published.</p>
1.1
2026-02-19T08:00:00
<p>Updated information to include CVSS scores. This is an informational change only.</p>
Chromium: CVE-2026-0908 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0908
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:26
<p>Information published.</p>
Chromium: CVE-2026-0900 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0900
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:19
<p>Information published.</p>
Copilot Studio Information Disclosure Vulnerability
<p>Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Copilot Studio
Microsoft
No
CVE-2026-21520
Improper Neutralization of Special Elements used in a Command ('Command Injection')
12400
Information Disclosure
12400
Critical
12400
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:L/AR:L
12400
Capsule Security with <a href="https://capsule.security/">Capsule Security</a>
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Azure Resource Manager Elevation of Privilege Vulnerability
<p>Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Resource Manager
Microsoft
No
CVE-2026-24304
Improper Access Control
12443
Elevation of Privilege
12443
Critical
12443
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.9
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12443
Matthew Jensen
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Azure Front Door Elevation of Privilege Vulnerability
<p>Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Front Door (AFD)
Microsoft
No
CVE-2026-24306
Improper Access Control
11985
Elevation of Privilege
11985
Critical
11985
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11985
Sriharsha Pallekonda with Microsoft
Parul Garg with Microsoft
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Azure Data Explorer Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Data Explorer
Microsoft
No
CVE-2026-21524
Exposure of Sensitive Information to an Unauthorized Actor
12004
Information Disclosure
12004
Critical
12004
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.4
6.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
12004
<a href="https://www.linkedin.com/in/moshe-bernstein/">Moshe Bernstein</a> with <a href="https://www.tenable.com/">Tenable</a>
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Azure Entra ID Elevation of Privilege Vulnerability
<p>Azure Entra ID Elevation of Privilege Vulnerability</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Entra ID
Microsoft
No
CVE-2026-24305
Improper Authorization
12383
Elevation of Privilege
12383
Critical
12383
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
12383
Karel Rymes
Viacheslav Stratovych
1.0
2026-01-22T08:00:00
<p>Information published.</p>
M365 Copilot Information Disclosure Vulnerability
<p>Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
M365 Copilot
Microsoft
No
CVE-2026-24307
Improper Validation of Specified Type of Input
16765
Information Disclosure
16765
Critical
16765
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
16765
<a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Azure Logic Apps Elevation of Privilege Vulnerability
<p>Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Logic Apps
Microsoft
No
CVE-2026-21227
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
12228
Elevation of Privilege
12228
Critical
12228
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.2
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C
12228
Haakon Gulbrandsrud with <a href="https://binarysecurity.no/">Binary Security</a>
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Word Copilot Information Disclosure Vulnerability
<p>Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Copilot
Microsoft
No
CVE-2026-21521
Improper Neutralization of Escape, Meta, or Control Sequences
20452
Information Disclosure
20452
Critical
20452
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.4
6.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
20452
Anonymous
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Microsoft Account Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Account
Microsoft
No
CVE-2026-21264
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
12474
Spoofing
12474
Critical
12474
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
12474
<a href="https://github.com/bufsnake">bufsnake</a>
Anonymous
1.0
2026-01-22T08:00:00
<p>Information published.</p>
Chromium: CVE-2026-1220 Race in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.92</td>
<td>01/23/2026</td>
<td>144.0.7559.96/.97</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-1220
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.92
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-23T08:00:22
<p>Information published.</p>
Microsoft Office Security Feature Bypass Vulnerability
<p>Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Are the updates for Microsoft Office 2016 and 2019 currently available?</strong></p>
<p>Yes. As of January 26, 2026, the security update for Microsoft Office 2016 and 2019 is available. Customers running Microsoft Office 2016 and 2019 should ensure the update is installed to be protected from this vulnerability.</p>
<p><strong>How do I know what version of Office 2016 and 2019 I am running?</strong></p>
<p>On January 26 2026, Microsoft released build numbers for Office 2016 <strong>16.0.5539.1001</strong> and Office 2019 <strong>16.0.10417.20095</strong> to address this vulnerability.</p>
<p>To see what version you have installed:</p>
<ol>
<li>In a document click the <strong>File</strong> tab.</li>
<li>Click <strong>Account</strong> in the left hand pane.</li>
<li>Click <strong>About</strong> . The top line of the About dialog box will display the Build number.</li>
</ol>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-21509
Reliance on Untrusted Inputs in a Security Decision
11573
11574
11762
11763
11952
11953
12420
12421
10753
10754
Security Feature Bypass
11573
Security Feature Bypass
11574
Security Feature Bypass
11762
Security Feature Bypass
11763
Security Feature Bypass
11952
Security Feature Bypass
11953
Security Feature Bypass
12420
Security Feature Bypass
12421
Security Feature Bypass
10753
Security Feature Bypass
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11573
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11574
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11762
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11763
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11952
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11953
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12420
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12421
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10753
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10754
Click to Run
11573
11574
No
Security Update
16.0.10417.20095
https://learn.microsoft.com/en-us/officeupdates/update-history-office-2019
11573
11574
Click to Run
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
5002713
https://www.microsoft.com/en-us/download/details.aspx?id=108535
5002573
10753
10754
Maybe
Security Update
16.0.5539.1001
https://support.microsoft.com/help/5002713
10753
10754
5002713
<p><a href="https://www.microsoft.com/en-us/msrc/glossary#Mitigation">Mitigation</a> refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.</p>
<p><strong>The following mitigating factors might be helpful in your situation:</strong></p>
<p>Customers running Microsoft 365 Apps, Office 2021 and later will be <strong>automatically protected</strong> via a service-side change, but will be required to <strong>restart</strong> their Office applications for this to take effect.</p>
<p>Customers running Office 2016 and 2019 are not protected until they install the security update. Customers on these versions can apply the <strong>registry keys</strong> described as follows to be immediately protected.</p>
<p>Microsoft Office:</p>
<ol>
<li>To start <strong>blocking</strong> please add the following registry keys:</li>
</ol>
<p>Caution:
Follow these steps carefully. Serious problems may occur if you modify the registry incorrectly. Before you start we recommend that you have a known good backup of your registry. See this article for more information: <a href="https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows">https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows</a></p>
<p>Exit all Microsoft Office applications.
Start the Registry Editor by tapping Start (or pressing the Windows key on your keyboard) then typing regedit and pressing enter.</p>
<ol start="2">
<li>Locate the <strong>proper registry subkey</strong>. It will be one of the following:</li>
</ol>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit MSI Office, or 32-bit MSI Office on 32-bit Windows)</p>
<p>or</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit MSI Office on 64-bit Windows)</p>
<p>or</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit Click2Run Office, or 32-bit Click2Run Office on 32-bit Windows)</p>
<p>or</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit Click2Run Office on 64-bit Windows)</p>
<p>Note: The COM Compatibility node may not be present by default. If you don't see it, add it by right-clicking the Common node and choosing Add Key.</p>
<ol start="3">
<li>Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing Add Key.</li>
</ol>
<p>Within that new subkey we're going to add one new value by right-clicking the new subkey and choosing New > DWORD (32-bit) Value.</p>
<p>A REG_DWORD hexadecimal value called Compatibility Flags with a value of 400.</p>
<p>Exit Registry Editor and start your Office application.</p>
<p><strong>Example</strong></p>
<p>For example, in Office 2016, 64-bit, on Windows you would locate this registry key:</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\</p>
<p>Note: Remember, if the COM Compatibility node doesn't exist yet you'll need to create it.</p>
<p>Then add a subkey with the name {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.</p>
<p>In this case, the resulting path is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.</p>
<p>To that subkey you'll add a REG_DWORD value called Compatibility Flags with a value of 400.</p>
<p><a href="https://www.microsoft.com/en-us/msrc/glossary#Mitigation">Mitigation</a> refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.</p>
<p><strong>The following mitigating factors might be helpful in your situation:</strong></p>
<p>Customers on Office 2021 and later are automatically protected without registry change. Registry keys do not apply to Office 2016 or Office 2019. Customers using Office 2016 or Office 2019 will not be protected until they install the upcoming security update.</p>
Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team
Google Threat Intelligence Group
1.0
2026-01-26T08:00:00
<p>Information published.</p>
2.4
2026-01-29T08:00:00
<p>Updated mitigation. This is an informational change only.</p>
1.1
2026-01-26T08:00:00
<p>Corrected CVSS score. This is an informational change only.</p>
2.0
2026-01-26T08:00:00
<p>The following revisions have been made: 1) Microsoft is announcing the availability of the security updates for Microsoft Office 2016 and 2019. Customers running these versions of Office should install the update for their product to be protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Updated FAQ and Mitigations.</p>
2.1
2026-01-26T08:00:00
<p>The following revisions have been made: 1) Added the build numbers for Office 2019. 2) Added an FAQ describing how to view Office 2019 build numbers. 3) Updated Publicly Disclosed to No. 4) Added acknowledgement. These are informational changes only.</p>
2.2
2026-01-27T08:00:00
<p>Updated FAQ information. This is an informational change only.</p>
2.3
2026-01-28T08:00:00
<p>Acknowledgement added. This is an informational change only.</p>
Chromium: CVE-2026-0902 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>144.0.3719.82</td>
<td>01/16/2026</td>
<td>144.0.7559.60</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-0902
11655
11655
11655
Release Notes
11655
No
Security Update
144.0.3719.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-01-16T20:08:21
<p>Information published.</p>
Microsoft SharePoint Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In a network-based attack, an unauthenticated attacker could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-20963
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002828
https://www.microsoft.com/en-us/download/details.aspx?id=108518
5002821
10950
Maybe
Security Update
16.0.5535.1001
https://support.microsoft.com/help/5002828
10950
5002828
5002825
https://www.microsoft.com/en-us/download/details.aspx?id=108525
5002816
11585
Maybe
Security Update
16.0.10417.20083
https://support.microsoft.com/help/5002825
11585
5002825
5002822
https://www.microsoft.com/en-us/download/details.aspx?id=108517
5002815
11961
Maybe
Security Update
16.0.19127.20442
https://support.microsoft.com/help/5002822
11961
5002822
Anonymous
f7d8c52bec79e42795cf15888b85cbad
Anonymous
Anonymous
1.1
2026-03-17T07:00:00
<p>Updated the CVSS score and corrected FAQs. This is an informational change only.</p>
1.0
2026-01-13T08:00:00
<p>Information published.</p>