CVE-2026-20827Sensitive Information Exposure in Microsoft Windows 10 Version 1607

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+17 more
Timeline
PublishedJan 13

Description

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages20 packages

NVDmicrosoft/windows< 10.0.14393.8783+4
NVDmicrosoft/windows_10_1607< 10.0.14393.8783
NVDmicrosoft/windows_10_1809< 10.0.17763.8276
NVDmicrosoft/windows_10_21h2< 10.0.19044.6809
NVDmicrosoft/windows_10_22h2< 10.0.19045.6809

🔴Vulnerability Details

2
CVEList
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability2026-01-13
GHSA
GHSA-2774-q4rg-5j6w: Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclo2026-01-13

📋Vendor Advisories

1
Microsoft
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability2026-01-13

🕵️Threat Intelligence

1
Wiz
CVE-2026-20827 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20827 — Sensitive Information Exposure | cvebase