Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-20929PATCHED

microsoft · windows_10_1607

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Description

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1607	< 10.0.14393.8783, < 10.0.14393.8783, < 10.0.17763.8276, < 10.0.17763.8276, < 10.0.19044.6809, < 10.0.19045.6809, < 10.0.22631.6491, < 10.0.14393.8783, < 10.0.17763.8276, < 10.0.20348.4648, < 10.0.25398.2092

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20929(Vendor Advisory)

Related News (1 articles)

Tier C

CrowdStrike Blog1d ago

Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

10.0.14393.878310.0.17763.827610.0.19044.680910.0.19045.680910.0.20348.464810.0.22631.649110.0.25398.2092

CWECWE-284

PublishedJan 13, 2026

Last enriched5d ago

Trending Score24

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

MEDIUMCVE-2026-32187EXP

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

HIGHCVE-2026-34054

openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

MEDIUMCVE-2026-34401

XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jan 13, 2026

Patch Available

Jan 16, 2026

Discovered by ZDM

Mar 26, 2026