CVE-2026-20858
Published: 13 January 2026
Summary
CVE-2026-20858 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the use-after-free vulnerability in Windows Management Services by requiring timely application of vendor patches.
Implements memory safeguards such as DEP, ASLR, and control-flow integrity to protect against exploitation of use-after-free flaws leading to privilege escalation.
Enforces least privilege on processes like Windows Management Services to limit the impact and success of local privilege escalation attempts.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local use-after-free in Windows Management Services directly enables privilege escalation (T1068) with high impact under changed scope.
NVD Description
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-20858 is a use-after-free vulnerability in Windows Management Services, published on 2026-01-13. It affects Windows operating systems and is linked to CWE-416 (use after free) and CWE-362 (race condition). The vulnerability carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating local attack vector, high attack complexity, low privileges required, no user interaction, changed scope, and high impacts across confidentiality, integrity, and availability.
A local attacker with low privileges (PR:L) can exploit this vulnerability due to the use-after-free flaw in Windows Management Services. Exploitation requires high complexity (AC:H) but no user interaction (UI:N). Successful exploitation enables privilege escalation, allowing the attacker to gain elevated access on the system with high confidentiality, integrity, and availability impacts under a changed scope (S:C).
Microsoft's Security Response Center provides details on the vulnerability, including patches and mitigation guidance, in their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20858.
Details
- CWE(s)