Cyber Resilience

CVE-2026-20965

High

Published: 13 January 2026

Modified: 16 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-20965 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Windows Admin Center. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20965 is an improper verification of cryptographic signature vulnerability affecting Windows Admin Center. Published on 2026-01-13, it is rated 7.5 on the CVSS 3.1 scale (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-347: Improper Verification of Cryptographic Signature. The flaw enables local privilege escalation due to inadequate signature checks within the software.

An authorized attacker with high privileges and local access to the system can exploit this vulnerability. Exploitation requires high attack complexity and no user interaction. Successful exploitation allows privilege escalation with high impact on confidentiality, integrity, and availability, and the scope change extends that impact to other privileged components.

Microsoft's advisory on the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965 provides details on mitigation and patches for this issue. Security practitioners should consult this reference for specific remediation steps.

Vulnerability details

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via exploitation of improper cryptographic signature verification in Windows Admin Center.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23660 (Same product: Microsoft Windows Admin Center)
CVE-2026-35438 (Same product: Microsoft Windows Admin Center)
CVE-2026-41086 (Same product: Microsoft Windows Admin Center)
CVE-2026-42834 (Same product: Microsoft Windows Admin Center)
CVE-2026-26119 (Same product: Microsoft Windows Admin Center)
CVE-2026-40372 (Same vendor: Microsoft)
CVE-2026-21231 (Same vendor: Microsoft)
CVE-2026-32091 (Same vendor: Microsoft)
CVE-2026-25174 (Same vendor: Microsoft)
CVE-2026-42823 (Same vendor: Microsoft)

Affected Assets

microsoft windows admin center, versions ≤ 0.70.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires software components to be digitally signed with verified cryptographic signatures before installation or execution, directly addressing the improper signature verification in Windows Admin Center.

prevent, detect

Employs integrity verification mechanisms such as cryptographic signatures to protect software from unauthorized modifications, mitigating the signature check flaw leading to privilege escalation.

prevent

Mandates identification, reporting, testing, and installation of security patches for flaws like CVE-2026-20965, preventing exploitation of the signature verification vulnerability.
