PT-2026-2662 · Microsoft · Windows
Daniil Romanovych · Published 2026-01-13 · Updated 2026-03-29
CVE-2026-20811
CVSS v3.1: 7.8 High (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Windows versions prior to the February 2026 patchday
Description
The Win32k component (Win32k.sys) of the Windows operating system contains a type confusion issue, in which a resource is accessed using an incompatible type. The vulnerability affects the ICOMP functionality within Win32k. Specifically, a CMonitorTopology* object survives incomplete sanitization in the asynchronous path. An authorized attacker can exploit this to elevate privileges locally.
Recommendations
Apply the updates released during the February 2026 patchday.
Fix
Untrusted Pointer Dereference
Type Confusion
Related Identifiers
Affected Products
Windows