CVE-2026-20941

EPSS 0.06%
Veröffentlicht 13.01.2026 17:57:10
Zuletzt bearbeitet 16.01.2026 15:55:38
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 5 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 11 24h2 HwPlatformarm64 Version < 10.0.26100.7623

Microsoft ≫ Windows 11 24h2 HwPlatformx64 Version < 10.0.26100.7623

Microsoft ≫ Windows 11 25h2 HwPlatformarm64 Version < 10.0.26200.7623

Microsoft ≫ Windows 11 25h2 HwPlatformx64 Version < 10.0.26200.7623

Microsoft ≫ Windows Server 2025 Version < 10.0.26100.32230

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20941

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-20941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20941

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20941