CVE-2026-20868
Published: 13 January 2026
Summary
CVE-2026-20868 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20868 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows Routing and Remote Access Service (RRAS). Published on 2026-01-13T18:16:16.303, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables an unauthorized attacker to execute code over a network.
The vulnerability can be exploited by an unauthorized attacker with network access, requiring low attack complexity and no privileges, though user interaction is necessary. Successful exploitation grants high-impact arbitrary code execution, compromising confidentiality, integrity, and availability.
Microsoft's Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20868 details patching instructions. Vicarius provides a detection script at https://www.vicarius.io/vsociety/posts/cve-2026-20868-detection-script-heap-based-buffer-overflow-vulnerability-affecting-windows-rras and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2026-20868-mitigation-script-heap-based-buffer-overflow-vulnerability-affecting-windows-rras.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2155
Vulnerability details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap-based buffer overflow in Windows RRAS enables remote code execution by unauthorized network attackers, directly facilitating T1190: Exploit Public-Facing Application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the heap-based buffer overflow in RRAS by identifying, prioritizing, and applying vendor patches as specified in Microsoft's update guide.
Implements memory protection mechanisms like ASLR and DEP that hinder exploitation of heap buffer overflows for arbitrary code execution.
Requires validation of network inputs to RRAS to detect and reject malformed data that could trigger the buffer overflow.