CVE-2026-20929

Name of the Vulnerable Software and Affected Versions Windows versions (affected versions not specified)

Description A flaw in Windows HTTP.sys related to improper access control can allow an authorized attacker to elevate privileges over a network. This issue can be exploited remotely. The vulnerability enables Kerberos authentication relay to Active Directory Certificate Services (AD CS) via DNS CNAME abuse, bypassing NTLM protections. A proof-of-concept (PoC) has been released demonstrating how attackers can manipulate DNS CNAME resolution to coerce Windows clients into requesting Kerberos tickets for attacker-controlled Service Principal Names (SPNs), enabling credential relay and lateral movement. This poses a risk to Active Directory networks, even when NTLM is disabled. Mitigation means removing relay opportunities at the service layer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.