CVE-2026-20805

CVSS v3.1

5.5

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to January 2026 Patch Tuesday

Description An information disclosure issue exists in Desktop Window Manager, potentially allowing an authorized attacker to disclose sensitive information locally. This issue is actively exploited in the wild and can leak sensitive memory details, potentially strengthening multi-stage attacks and making exploit chains more reliable. The vulnerability can be leveraged to leak memory addresses, which can aid in achieving code execution. The issue affects global Windows installations and is considered a zero-day.

Recommendations Apply the January 2026 Patch Tuesday updates to address this vulnerability.

Fix

RCE

LPE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-20805

Affected Products

Windows

CVE-2026-20805

Weakness Enumeration

Related Identifiers

Affected Products

References · 26