How severe is CVE-2026-20805?

CVE-2026-20805 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-20805

5.5MEDIUM

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Veröffentlicht: 1/13/2026Aktualisiert: 1/14/2026

CISA Bekannte Ausgenutzte Schwachstelle

Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

Erforderliche Maßnahme:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Fälligkeitsdatum:

2026-02-03

Beschreibung

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

KI-AnalyseKI-gestützt

Betroffene Produkte

microsoftwindows_10_1607

microsoftwindows_10_1809

microsoftwindows_10_21h2

microsoftwindows_10_22h2

microsoftwindows_11_23h2

microsoftwindows_11_24h2

microsoftwindows_11_25h2

microsoftwindows_server_2012

microsoftwindows_server_2016

microsoftwindows_server_2019

microsoftwindows_server_2022

microsoftwindows_server_2022_23h2

microsoftwindows_server_2025

Referenzen

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805
US Government Resource