CVE-2026-20860

CWE-8435 documents5 sources

Severity

7.8HIGH

EPSS

0.1%

top 75.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 +29 more

Timeline

PublishedJan 13

Description

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages31 packages

▶NVDmicrosoft/windows< 10.0.14393.8783+5

▶NVDmicrosoft/windows_10_1607< 10.0.14393.8783

▶NVDmicrosoft/windows_10_1809< 10.0.17763.8276

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.6809

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.6809

🔴Vulnerability Details

CVEList

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability↗2026-01-13

▶

GHSA

GHSA-jg5c-2pc3-432m: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevat↗2026-01-13

▶

📋Vendor Advisories

Microsoft

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2026-20860 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶