Skip to main content

Connected Devices Platform Service CVE-2026-20864

HIGH
Heap-based Buffer Overflow (CWE-122)
2026-01-13 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 18:16 nvd
HIGH 7.8

DescriptionCVE.org

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

AnalysisAI

Windows Server and Windows 10/11 Connected Devices Platform Service (Cdpsvc) contains a heap buffer overflow that allows authenticated local users to escalate privileges to system level. The vulnerability requires low complexity exploitation with no user interaction, affecting multiple recent Windows versions including Server 2022, Windows 10 21h2, and Windows 11 23h2. No patch is currently available for this high-severity flaw.

Technical ContextAI

Classified as CWE-122 (Heap-based Buffer Overflow). Affects the Connected Devices Platform component of Windows 10 1809. Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Share

CVE-2026-20864 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy