CVE-2026-20817
Published: 13 January 2026
Summary
CVE-2026-20817 is a high-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved authorizations for access to system resources, addressing the improper handling of permissions in Windows Error Reporting that enables local privilege escalation.
Enforces least privilege principle to restrict user and process privileges, mitigating the impact of privilege escalation from low-privilege accounts exploiting the vulnerability.
Requires timely identification, reporting, and correction of flaws like CVE-2026-20817 via vendor patches, directly remediating the improper permission handling in Windows Error Reporting.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation via exploitation of improper permission handling in Windows Error Reporting directly matches T1068.
NVD Description
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-20817 involves improper handling of insufficient permissions or privileges in Windows Error Reporting, enabling an authorized attacker to elevate privileges locally. This vulnerability affects the Windows Error Reporting component in Microsoft Windows operating systems and is classified under CWE-280. It received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-13T18:16:08.647.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, resulting in full privilege escalation on the affected system.
Microsoft's advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20817.
Details
- CWE(s)