CVE-2026-20929
Published: 13 January 2026
Summary
CVE-2026-20929 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20929 is an improper access control vulnerability (CWE-284) in the Windows HTTP.sys kernel-mode driver, which handles HTTP requests in Windows operating systems. Published on 2026-01-13, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with high attack complexity but significant impacts if exploited.
The vulnerability can be exploited by an authorized attacker with low privileges (PR:L) over a network (AV:N). Successful exploitation enables privilege escalation without user interaction (UI:N), leading to high confidentiality, integrity, and availability impacts (C:I:A:H) within the unchanged security scope (S:U).
Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20929.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2134
Vulnerability details
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
- CWE(s)
Related Threats
Threat-Actor AttributionAI
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct privilege escalation via exploitation of improper access control in kernel driver (HTTP.sys).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly counters the improper access control vulnerability in HTTP.sys by requiring enforcement of approved authorizations for all logical access to system resources.
Addresses the specific flaw in the Windows HTTP.sys kernel-mode driver by identifying, reporting, and applying remediation such as patches to prevent privilege escalation.
Mitigates privilege escalation impacts by ensuring low-privilege attackers and processes operate with the minimum privileges necessary, limiting potential damage from exploitation.