Skip to main content

Microsoft CVE-2026-20921

HIGH
Race Condition (CWE-362)
2026-01-13 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 18:16 nvd
HIGH 7.5

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Privilege escalation in Windows SMB Server (2022, 2025) stems from improper synchronization of concurrent resource access, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires specific conditions to trigger but provides high-impact unauthorized access when successfully exploited. No patch is currently available for affected systems.

Technical ContextAI

Classified as CWE-362 (Race Condition). Affects Windows 10 1607. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-20921 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy