Microsoft
CVE-2026-20931
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
AnalysisAI
Windows Telephony Service on multiple Windows versions (10, 11, Server 2008/2022) contains an improper file path control vulnerability that enables authenticated attackers on the same network to escalate privileges to system level. An attacker with local user credentials can manipulate file name or path parameters to achieve elevated privileges without user interaction. No patch is currently available, though the vulnerability has high exploitability potential (EPSS 0.8%).
Technical ContextAI
Affects the Windows Telephony component of Windows 10 1607. External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today