PT-2026-2658 · Microsoft · Windows

Published 2026-01-13 · Updated 2026-03-04 · CVE-2026-20805

CVSS v3.1: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to February 2026 Patch Tuesday updates

Description

A vulnerability exists in the Desktop Window Manager component of Microsoft Windows that can lead to the disclosure of sensitive information to an unauthorized actor. This vulnerability, actively exploited in the wild, allows an attacker to leak user-mode memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) and strengthening exploit chains. The vulnerability has been observed in attacks and is tracked as CVE-2026-20805. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by February 3, 2026. The vulnerability allows attackers to access information containing the address of a remote port, potentially leading to the disclosure of data from user-mode memory. It is estimated that a large number of systems globally are affected.

Recommendations

Apply the February 2026 Patch Tuesday updates for all supported Windows versions. Prioritize patching for systems with local privilege access. Monitor for suspicious activity and anomalous credential use.

Exploit

Fix

RCE

LPE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2026-00375
CVE-2026-20805

Affected Products

Windows