cbcvebase.
CVE-2026-20871
published 2026-01-13

CVE-2026-20871: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_21h2< 10.0.19044.680910.0.19044.6809
microsoftwindows_10_22h2< 10.0.19045.680910.0.19045.6809
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.680910.0.19044.6809
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.680910.0.19045.6809
microsoftwindows_11_23h2< 10.0.22631.649110.0.22631.6491
microsoftwindows_11_24h2< 10.0.26100.762310.0.26100.7623
microsoftwindows_11_25h2< 10.0.26200.762310.0.26200.7623
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.649110.0.22631.6491
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.649110.0.22631.6491
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.762310.0.26100.7623
microsoftwindows_11_version_25h2>= 10.0.26200.0 < 10.0.26200.762310.0.26200.7623
microsoftwindows_server_2022< 10.0.20348.464810.0.20348.4648
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.464810.0.20348.4648
microsoftwindows_server_2022_23h2< 10.0.25398.209210.0.25398.2092
microsoftwindows_server_2025< 10.0.26100.3223010.0.26100.32230
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.3223010.0.26100.32230
msrcwindows_10_version_21h2_for_32-bit_systems
msrcwindows_10_version_21h2_for_arm64-based_systems
msrcwindows_10_version_21h2_for_x64-based_systems
msrcwindows_10_version_22h2_for_32-bit_systems
msrcwindows_10_version_22h2_for_arm64-based_systems
msrcwindows_10_version_22h2_for_x64-based_systems
msrcwindows_11_version_23h2_for_arm64-based_systems
msrcwindows_11_version_23h2_for_x64-based_systems
msrcwindows_11_version_24h2_for_arm64-based_systems