CVE-2026-20838
published 2026-01-13CVE-2026-20838: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_23h2 | < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_11_24h2 | < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_25h2 | < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_server_2022 | < 10.0.20348.4648 | 10.0.20348.4648 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4648 | 10.0.20348.4648 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2092 | 10.0.25398.2092 |
| microsoft | windows_server_2025 | < 10.0.26100.32230 | 10.0.26100.32230 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32230 | 10.0.26100.32230 |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |