Microsoft · Windows · CVE-2026-20811
**Name of the Vulnerable Software and Affected Versions**
Windows versions prior to the February 2026 patchday
**Description**
A type confusion issue (access of a resource using an incompatible type) exists in the Win32k component (Win32k.sys) of the Windows operating system. The vulnerability affects the ICOMP functionality within Win32k. Specifically, a CMonitorTopology* object survives incomplete sanitization in the asynchronous path. Exploitation of this issue can allow an authorized attacker to elevate privileges locally.
**Recommendations**
Apply the updates released during the February 2026 patchday.