Description
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2Attack Vector: Local
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Affected Packages23 packages
🔴Vulnerability Details
2CVEListWindows Hello Tampering Vulnerability↗2026-01-13 GHSAGHSA-2j6v-89gr-9crm: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally↗2026-01-13 📋Vendor Advisories
1MicrosoftWindows Hello Tampering Vulnerability↗2026-01-13 🕵️Threat Intelligence
1WizCVE-2026-20852 Impact, Exploitability, and Mitigation Steps | Wiz↗