CVE-2026-20931

Name of the Vulnerable Software and Affected Versions Windows Telephony Service (affected versions not specified)

Description An elevation-of-privilege issue exists in the Windows Telephony Service due to improper external control of file names or paths. Successful exploitation may allow an authorized attacker to elevate privileges over an adjacent network and affect the system. The vulnerability was discovered by Sergey Bliznyuk and addressed by Microsoft in January 2026. The issue is also described as an authenticated Remote Code Execution (RCE).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.