PT-2026-2658 · Microsoft · Windows
Published: 2026-01-13 · Updated: 2026-01-23 · CVE-2026-20805
CVSS v3.1: 5.5 (Medium)
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to February 2026
Description
A vulnerability in the Desktop Window Manager component of Windows allows an attacker to disclose sensitive information locally. The flaw exposes information containing the address of a remote ALPC port section, potentially revealing sensitive data such as tokens and passwords. The leaked memory addresses can be used to bypass Address Space Layout Randomization (ASLR) and strengthen exploit chains, so exploitation can lead to privilege escalation and potential system compromise.
The vulnerability is tracked as CVE-2026-20805 and is actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by February 3, 2026. It affects various Windows versions, including Windows 10, Windows 11, and server editions.
Recommendations
Apply the security updates released by Microsoft in January 2026 to address CVE-2026-20805.
Prioritize patching for all supported Windows versions.
Federal agencies must remediate this vulnerability by February 3, 2026, as mandated by CISA.
Monitor systems for suspicious activity and anomalous credential usage.
Exploit · Fix · LPE · RCE · Information Disclosure
Related Identifiers
BDU:2026-00375
CVE-2026-20805
Affected Products
Windows