CVE-2026-20873
Published: 13 January 2026
Summary
CVE-2026-20873 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prevents unauthorized and unintended information transfer via shared system resources, directly addressing the race condition in Windows Management Services.
Implements memory protections that mitigate exploitation of race conditions and associated use-after-free vulnerabilities leading to privilege escalation.
Requires timely flaw remediation, including applying vendor patches for the specific race condition vulnerability in Windows Management Services.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation via exploitation of race condition/use-after-free in Windows service.
NVD Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2026-20873 is a race condition vulnerability in Windows Management Services, arising from concurrent execution using a shared resource with improper synchronization. Published on 2026-01-13, it is associated with CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')) and CWE-416 (Use After Free), carrying a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
The vulnerability can be exploited by an authorized local attacker with low privileges who has physical or logical access to the system. Exploitation requires high attack complexity and occurs without user interaction, resulting in a scope change that enables high-impact confidentiality, integrity, and availability violations, ultimately allowing the attacker to elevate privileges locally.
Microsoft's advisory provides guidance on mitigation and patching, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20873.
Details
- CWE(s)