CVE-2026-20815
published 2026-01-13CVE-2026-20815: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an…
PriorityP337high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
EPSS
0.30%
21.2th percentile
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_25h2 | < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_server_2025 | < 10.0.26100.32230 | 10.0.26100.32230 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32230 | 10.0.26100.32230 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
vendor_msrc·2026-01-13·CVSS 7.0
CVE-2026-20815 [HIGH] CWE-362 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Capability Access Management Service (camsvc): Capability Access Management Service (camsvc)
Microsof
GHSA
GHSA-6vwf-rhq3-fmg6: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an
ghsa_unreviewed·2026-01-13
CVE-2026-20815 [HIGH] CWE-362 GHSA-6vwf-rhq3-fmg6: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
blogs_qualys·2026-01-13
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
## Table of Contents
Microsoft Patch Tuesday forJanuary2026
Adobe Patches for January 2026
Zero-day Vulnerabilities Patched inJanuaryPatch Tuesday Edition
Critical Severity Vulnerabilities Patched inJanuaryPatch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response with TruRisk Eliminate
EVALUATE Vendor-Suggested Mitigation withPolicy Audit(PA)
Qualys Monthly Webinar Series
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for January 2026
This month’s rel
Bleepingcomputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
blogs_bleepingcomputer·2026-01-13·CVSS 5.5
[MEDIUM] Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
## Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
## Lawrence Abrams
57 Elevation of Privilege vulnerabilities
3 Security Feature Bypass vulnerabilities
22 Remote Code Execution vulnerabilities
22 Information Disclosure vulnerabilities
2 Denial of Service vulnerabilities
5 Spoofing vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (1 flaw) and Mariner vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5074109 & KB5073455 cumulative updates and Windows 10 KB5073724 extended security update .
## 3 zero-days, one ex
Qualys
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review | Qualys
blogs_qualys·2026-01-13
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday forJanuary2026
- Adobe Patches for January 2026
- Zero-day Vulnerabilities Patched inJanuaryPatch Tuesday Edition
- Critical Severity Vulnerabilities Patched inJanuaryPatch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response with TruRisk Eliminate
- EVALUATE Vendor-Suggested Mitigation withPolicy Audit(PA)
- Qualys Monthly Webinar Series
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for January 2026
Thi
Wiz
CVE-2026-20815 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-20815 [HIGH] CVE-2026-20815 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20815 :
vulnerability analysis and mitigation
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
Source : NVD
## 7
Score
Published January 13, 2026
Severity HIGH
CNA Score 7.0
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.7
Exploitation Probability (EPSS) N/A
Sources
NVD
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Free Vulnerability Assessment
## Benchmark your Cloud Security Posture
Evaluate your cloud security practic
2026-01-13
Published