Skip to main content

Microsoft CVE-2026-20930

| EUVDEUVD-2026-22353 HIGH
Race Condition (CWE-362)
2026-04-14 microsoft GHSA-6896-87qw-x945
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 18:50 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22353
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:56 nvd
HIGH 7.8

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

AnalysisAI

Privilege escalation in Windows Management Services (all supported Windows 10/11 and Server versions) allows authenticated local attackers with low privileges to gain high-level system access via race condition exploitation. Vendor-released patches are available for all affected versions. CVSS score of 7.8 reflects high complexity attack requiring precise timing but enabling full system compromise with changed scope. No public exploit identified at time of analysis, though the race condition cla

Technical ContextAI

This vulnerability involves a race condition (CWE-362) in Windows Management Services, a core component responsible for system administration and monitoring across Windows platforms. Race conditions occur when multiple threads or processes access shared resources concurrently without proper synchronization primitives (mutexes, semaphores, or critical sections). In this case, an attacker can exploit a time-of-check-to-time-of-use (TOCTOU) window where the service validates permissions but acts on potentially modified state. The vulnerability affects Windows Management Services across the entire supported Windows ecosystem, including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2), and Windows Server (2019, 2022, 2025) in both full and Server Core installations. The changed scope (S:C) in the CVSS vector indicates the vulnerability allows escaping the security context of the vulnerable component, enabling broader system access than the initial authorization level.

RemediationAI

Organizations should apply Microsoft's January 2025 security updates immediately to all affected Windows systems. Patched versions are Windows 10 version 1809 build 10.0.17763.8644 or later, Windows 10 versions 21H2/22H2 builds 10.0.19044.7184/10.0.19045.7184 or later, Windows 11 versions 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 version 24H2 build 10.0.26100.32690 or later, Windows 11 version 25H2 build 10.0.26200.8246 or later, Windows Server 2019 build 10.0.17763.8644 or later, Windows Server 2022 build 10.0.20348.5020 or later, Windows Server 2022 23H2 Server Core build 10.0.25398.2274 or later, and Windows Server 2025 build 10.0.26100.32690 or later. Deploy patches through Windows Update, WSUS, or enterprise patch management solutions. No workarounds are documented; patching is the sole remediation. Prioritize systems with untrusted local users, including terminal servers, jump boxes, and multi-tenant environments. Detailed patch information and deployment guidance are available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930.

Share

CVE-2026-20930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy