CVE-2026-20965
Published: 13 January 2026
Summary
CVE-2026-20965 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Windows Admin Center. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 6.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-20965 is an improper verification of cryptographic signature vulnerability affecting Windows Admin Center. Published on 2026-01-13, it is rated 7.5 on the CVSS 3.1 scale (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-347: Improper Verification of Cryptographic Signature. The flaw enables local privilege escalation due to inadequate signature checks within the software.
An authorized attacker with high privileges and local access to the system can exploit this vulnerability, though it requires high attack complexity and no user interaction. Successful exploitation allows privilege escalation, granting high-impact access to confidentiality, integrity, and availability, with a scope change to other privileged components.
Microsoft's advisory on the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965 provides details on mitigation and patches for this issue. Security practitioners should consult this reference for specific remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2105
Vulnerability details
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
- CWE(s): CWE-347 Improper Verification of Cryptographic Signature
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
Direct local privilege escalation via exploitation of improper cryptographic signature verification in Windows Admin Center.
Mitigating Controls (NIST 800-53 r5)
- CM-14 (Signed Components): Requires software components to be digitally signed with verified cryptographic signatures before installation or execution, directly addressing the improper signature verification in Windows Admin Center.
- Employs integrity verification mechanisms such as cryptographic signatures to protect software from unauthorized modifications, mitigating the signature check flaw that leads to privilege escalation.
- SI-2 (Flaw Remediation): Mandates identification, reporting, testing, and installation of security patches for flaws like CVE-2026-20965, preventing exploitation of the signature verification vulnerability.