Cyber Posture

CVE-2026-20805

MediumCISA KEVActive Exploitation

Published: 13 January 2026

Published
13 January 2026
Modified
14 January 2026
KEV Added
13 January 2026
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0342 87.6th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20805 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 5.5 (Medium).

Operationally, ranked in the top 12.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the information disclosure vulnerability by requiring timely application of vendor patches for the DWM flaw as referenced in MSRC and CISA KEV.

SC-4 Information in Shared System Resources good match
prevent

Prevents unauthorized reading and extraction of sensitive information from shared system resources, directly addressing DWM's exposure of sensitive data to local low-privilege attackers.

SI-16 Memory Protection partial match
prevent

Provides memory isolation and protection safeguards that limit unauthorized access to sensitive data in DWM's memory spaces exploited by local attackers.

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

NVD Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Deeper analysisAI

CVE-2026-20805 is an information disclosure vulnerability in the Desktop Windows Manager (DWM) component of Windows, classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Published on 2026-01-13, it has a CVSS v3.1 base score of 5.5 (Medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating high confidentiality impact from local exploitation.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows disclosure of sensitive information to an unauthorized actor, without impacting integrity or availability, and with unchanged scope.

Mitigation details are available in the Microsoft Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805. The vulnerability is also referenced in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805.

Details

CWE(s)
CWE-200
KEV Date Added
13 January 2026

Affected Products

microsoft
windows 10 1607
≤ 10.0.14393.8783 · ≤ 10.0.14393.8783
microsoft
windows 10 1809
≤ 10.0.17763.8276 · ≤ 10.0.17763.8276
microsoft
windows 10 21h2
≤ 10.0.19044.6809
microsoft
windows 10 22h2
≤ 10.0.19045.6809
microsoft
windows 11 23h2
≤ 10.0.22631.6491
microsoft
windows 11 24h2
≤ 10.0.26100.7623
microsoft
windows 11 25h2
≤ 10.0.26200.7623
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.8783
microsoft
windows server 2019
≤ 10.0.17763.8276
+3 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-21510Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21513Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21525Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-32202Same product: Microsoft Windows 10 1607both on KEV
CVE-2026-21519Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-59230Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-24990Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-24984Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV

References