CVE-2026-20875
Published: 13 January 2026
Summary
CVE-2026-20875 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 19.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20875 is a null pointer dereference vulnerability (CWE-476) in the Windows Local Security Authority Subsystem Service (LSASS). Published on 2026-01-13, it affects Windows systems running LSASS, a critical component handling authentication and security policies.
An unauthorized attacker can exploit the vulnerability over a network (AV:N) with low attack complexity (AC:L). It requires no privileges (PR:N) and no user interaction (UI:N), and scope is unchanged (S:U). Successful exploitation results in a high-impact denial of service (A:H) with no impact on confidentiality or integrity (C:N/I:N), as reflected in its CVSS v3.1 base score of 7.5.
Microsoft's Security Response Center provides an update guide for CVE-2026-20875 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20875, detailing recommended mitigations and patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2129
Vulnerability details
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- CWE(s): CWE-476 (NULL Pointer Dereference)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Null pointer dereference in LSASS directly enables remote DoS via application exploitation (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the null pointer dereference vulnerability in LSASS by requiring timely application of vendor patches as detailed in Microsoft's update guide.
- Implements denial-of-service protections at system entry points to counter the high-impact network-based DoS exploitation of LSASS.
- Monitors and controls network communications at boundaries to limit unauthorized remote access required to trigger the LSASS null pointer dereference.