CVE-2026-20844
Published: 13 January 2026
Summary
CVE-2026-20844 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20844 is a use-after-free vulnerability (CWE-416), associated with a race condition (CWE-362), in the Windows Clipboard Server component of Microsoft Windows operating systems. Published on January 13, 2026, it carries a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited by an unauthorized local attacker requiring high attack complexity but no privileges, user interaction, or scope change. Successful exploitation enables local privilege escalation, allowing the attacker to gain elevated access on the affected system.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20844 provides details on patches and mitigations for this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2172
Vulnerability details
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation via exploitation of a use-after-free race condition in a Windows system component.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly implements memory protections that block use-after-free exploitation in the Windows Clipboard Server.
Requires timely application of the vendor patch that eliminates the race-conditioned use-after-free in the Clipboard Server.
Enforces process isolation boundaries that limit the ability of a local UAF in the Clipboard Server to achieve privilege escalation.