CVE-2026-20843
Published: 13 January 2026
Summary
CVE-2026-20843 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces proper access controls to prevent exploitation of the improper access control vulnerability in RRAS that enables local privilege escalation.
Applies least privilege to restrict low-privileged local users from escalating privileges via the weak RRAS access controls.
Requires timely patching of the specific RRAS flaw, as recommended by MSRC, to eliminate the improper access control vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local improper access control flaw in RRAS directly enables exploitation for privilege escalation from low-privileged accounts.
NVD Description
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-20843 is an improper access control vulnerability (CWE-284) in the Windows Routing and Remote Access Service (RRAS). It affects Microsoft Windows systems where RRAS is enabled, allowing an authorized local attacker to exploit weak access controls for privilege escalation. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
An attacker with local access and low-level privileges, such as a standard user account, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables privilege escalation, potentially granting the attacker high-level access to the system, including control over sensitive data, processes, and resources.
Microsoft's Security Response Center (MSRC) provides detailed mitigation guidance in their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843, which likely includes recommendations for applying patches or security updates.
Details
- CWE(s)