CVE-2026-20920
published 2026-01-13CVE-2026-20920: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_23h2 | < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6491 | 10.0.22631.6491 |
| microsoft | windows_server_2022 | < 10.0.20348.4648 | 10.0.20348.4648 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4648 | 10.0.20348.4648 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2092 | 10.0.25398.2092 |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |