PT-2026-2740 · Microsoft · Windows Virtualization-Based Security

Published: 2026-01-13 · Updated: 2026-01-13 · CVE-2026-20938

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows Virtualization-Based Security (VBS) Enclave (affected versions not specified)

Description

A flaw in Windows Virtualization-Based Security (VBS) Enclave could allow a local attacker to gain higher privileges on the system. The issue is an untrusted pointer dereference, which an authorized attacker could use to elevate privileges locally.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Untrusted Pointer Dereference

Related Identifiers

BDU:2026-00415
CVE-2026-20938

Affected Products

Windows
Windows VBS Enclave
Windows Virtualization-Based Security