CVE-2026-20877
Published: 13 January 2026
Summary
CVE-2026-20877 is a high-severity use-after-free (CWE-416) in Windows Management Services that is reached through a race condition (CWE-362); the affected product recorded here is Microsoft Windows 10 1809. Its CVSS v3.1 base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 7.1st percentile by exploit likelihood (well below the median) and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): identify, report and remediate the flaw by installing the Microsoft update that addresses this CVE in a timely manner, as advised in the MSRC guidance.
SI-16 (Memory Protection): system-wide DEP and ASLR do not remove the use-after-free, but they make turning a dangling pointer in Windows Management Services into controlled code execution considerably harder and less reliable.
AC-6 (Least Privilege): running services and user sessions with the minimum privileges they need limits the foothold a low-privileged local attacker starts from and narrows what can be reached after a successful escalation.
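The following PowerShell script is an added example for the SI-2 and SI-16 controls above; it is not code from the original page or from Microsoft. It checks whether a host is on the Windows 10 1809 build line (build 17763, which Windows Server 2019 also shares), whether any update has been installed since the advisory date, and whether the system-wide DEP and ASLR policies are enabled. The page does not name the KB that fixes CVE-2026-20877, so the patch check is deliberately a date heuristic rather than a verdict; the advisory date, the function names and the 2026-01-13 threshold are the example's own assumptions.

```powershell
# Added example (not from the page or from Microsoft): posture check for the
# two controls mapped to CVE-2026-20877.
#   SI-2  -> Windows 10 1809 host? Any update installed on/after 2026-01-13?
#   SI-16 -> system-wide DEP and ASLR policies ON?
# Assumptions: 1809 == build 17763; the fixing KB is not known from the page,
# so the update check is a heuristic. Run from an elevated PowerShell.

$AdvisoryDate = [datetime]'2026-01-13'

function Test-Build1809 {
    # CurrentBuild/UBR are the build and revision of the running OS.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build    = [int]$cv.CurrentBuild
        Revision = [int]$cv.UBR
        Is1809   = ([int]$cv.CurrentBuild -eq 17763)
    }
}

function Test-PostAdvisoryUpdate {
    # Get-HotFix enumerates installed updates. InstalledOn can be empty for
    # some entries, so filter those out before comparing dates.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $AdvisoryDate } |
        Sort-Object InstalledOn -Descending
    $latest = $recent | Select-Object -First 1
    [pscustomobject]@{
        HasUpdateSinceAdvisory = (@($recent).Count -gt 0)
        LatestHotFixID         = $latest.HotFixID
        LatestInstalledOn      = $latest.InstalledOn
    }
}

function Test-MemoryProtections {
    # Get-ProcessMitigation -System (ProcessMitigations module, Windows 10
    # 1709 and later) returns the system-default exploit protection policy.
    # Each setting reports ON, OFF or NOTSET.
    $m = Get-ProcessMitigation -System
    [pscustomobject]@{
        DepEnabled        = ("$($m.Dep.Enable)" -eq 'ON')
        AslrBottomUp      = ("$($m.Aslr.BottomUp)" -eq 'ON')
        AslrHighEntropy   = ("$($m.Aslr.HighEntropy)" -eq 'ON')
        AslrForceRelocate = ("$($m.Aslr.ForceRelocateImages)" -eq 'ON')
    }
}

$build = Test-Build1809
$patch = Test-PostAdvisoryUpdate
$mem   = Test-MemoryProtections

$build, $patch, $mem | Format-List

if ($build.Is1809 -and -not $patch.HasUpdateSinceAdvisory) {
    Write-Warning 'Build 17763 host with no update installed since 2026-01-13; confirm the applicable KB in the MSRC advisory for CVE-2026-20877.'
}
if (-not $mem.DepEnabled) {
    Write-Warning 'System-wide DEP policy is not ON.'
}
if (-not ($mem.AslrBottomUp -and $mem.AslrHighEntropy)) {
    Write-Warning 'System-wide ASLR (bottom-up / high-entropy) is not fully ON.'
}
```

A host that passes all three checks is not proven patched; a host that fails the update check on build 17763 is worth prioritising. The authoritative test remains the KB listed in the MSRC advisory, compared against the installed revision (UBR) rather than against dates.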
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free reached through a race condition in a Windows service gives a low-privileged local user a direct path to local privilege escalation (T1068); no user interaction or network access is involved.
NVD Description
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
Deeper analysis
CVE-2026-20877 is a use-after-free vulnerability (CWE-416) triggered through a race condition (CWE-362) in Windows Management Services. It affects Microsoft Windows systems and was published on 2026-01-13 with a CVSS v3.1 base score of 7.8 (High), vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H: local attack vector (AV:L), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), changed scope (S:C), and high impact to confidentiality, integrity and availability (C:H/I:H/A:H).
Exploitation requires an existing low-privileged local foothold and is rated high complexity: as with most race-condition use-after-free bugs, the attacker must win a timing window before the freed object is reused, which in practice means repeated attempts rather than a single reliable trigger. When it succeeds, the changed scope (S:C) together with high C/I/A impact indicates that the attacker gains control in a security context beyond the vulnerable component, enabling further compromise of the host.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20877 provides details on patches and mitigation guidance for addressing this issue.
Details
- CWE(s)