CVE-2026-20930

CWE-362Race Condition2 documents2 sources
Severity
7.8HIGH
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2+9 more
Timeline
PublishedApr 14

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages12 packages

CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690
CVEListV5microsoft/windows_10_version_180910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_10_version_21h210.0.19044.010.0.19044.7184

🔴Vulnerability Details

1
CVEList
Windows Management Services Elevation of Privilege Vulnerability2026-04-14
CVE-2026-20930 (HIGH CVSS 7.8) | Concurrent execution using shared r | cvebase.io