CVE-2026-20852
Published: 13 January 2026
Summary
CVE-2026-20852 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Modify Authentication Process (T1556); ranked at the 13.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly counters incorrect privilege assignment (CWE-266) in Windows Hello by enforcing least privilege to prevent unauthorized local tampering.
Ensures enforcement of approved authorizations, mitigating flawed privilege handling that allows local attackers to tamper with authentication components.
Manages system accounts and privileges to prevent incorrect assignments enabling unprivileged local tampering in Windows Hello.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Incorrect privilege assignment in Windows Hello auth component directly enables modification of authentication process (T1556) and local privilege escalation via flawed handling (T1068).
NVD Description
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
Deeper analysisAI
CVE-2026-20852 is an incorrect privilege assignment vulnerability (CWE-266) in Windows Hello, published on 2026-01-13. It affects the Windows Hello authentication component in Microsoft Windows systems, enabling an unauthorized attacker to perform local tampering due to flawed privilege handling. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity with significant confidentiality and integrity impacts.
A local attacker with no required privileges can exploit this issue with low attack complexity and no user interaction. Exploitation allows tampering with Windows Hello functionality, potentially compromising sensitive authentication data or mechanisms, leading to unauthorized access or modification without affecting availability.
Microsoft's Security Response Center provides detailed guidance on this vulnerability via their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20852, where practitioners can find information on applicable patches and mitigation recommendations.
Details
- CWE(s)