CVE-2026-20811
Published: 13 January 2026
Summary
CVE-2026-20811 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 11 23H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the type confusion vulnerability by requiring identification, reporting, and timely remediation of flaws in Win32K ICOMP to prevent local privilege escalation.
Implements memory protection safeguards such as DEP and ASLR that mitigate type confusion exploits by preventing unauthorized code execution and pointer dereferences in kernel components.
Enforces least privilege for local low-privilege accounts, limiting the attack surface and containing the impact even if the Win32K type confusion vulnerability is exploited for escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local type confusion EoP in Win32K kernel component directly enables T1068 Exploitation for Privilege Escalation from low-privileged local context.
NVD Description
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-20811 is a type confusion vulnerability, classified as an access of resource using incompatible type, affecting the Windows Win32K ICOMP component. Published on 2026-01-13T18:16:07.727, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-822 (Untrusted Pointer Dereference) and CWE-843 (Access of Resource Using Incompatible Type).
The vulnerability can be exploited by an authorized local attacker possessing low privileges. Exploitation requires local access and low complexity with no user interaction, enabling the attacker to elevate privileges locally and achieve high impacts across confidentiality, integrity, and availability.
Mitigation details are available in the Microsoft Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20811.
Details
- CWE(s)