CVE-2026-20819 - Vulnerability Details

- Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Description

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

Published: 2026-01-13

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is an untrusted pointer dereference that occurs inside the Windows Virtualization-Based Security (VBS) enclave. When an authorized local attacker triggers the failure on a system running the affected Windows 11 versions, the flaw allows the reader to access memory that should be protected by the enclave. This results in local information disclosure. The weakness is classified as CWE‑822, indicating an insecure pointer dereference that can leak data.

Affected Systems

The flaw affects Microsoft Windows 11 operating systems, including the 22H3, 23H2, 24H2, and 25H2 releases. Both ARM64 and x64 architectures are impacted, as reflected in the listed CPE entries.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score of less than 1% reflects a very low probability of exploitation in the wild. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires local authorized access to the target machine; the attacker must be able to execute code within the VBS enclave context. Once triggered, the attacker can read the content of the enclave’s memory, exposing any sensitive data residing there. The attack vector is therefore local, and no network or remote exploitation is possible.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Microsoft

Windows 11 version 22H3

affected

Version	Status	Constraints
`10.0.22631.0`	affected	< 10.0.22631.6491

Microsoft

Windows 11 Version 23H2

affected

Version	Status	Constraints
`10.0.22631.0`	affected	< 10.0.22631.6491

Microsoft

Windows 11 Version 24H2

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.7623

Microsoft

Windows 11 Version 25H2

affected

Version	Status	Constraints
`10.0.26200.0`	affected	< 10.0.26200.7623

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_11_24h2::::::::
	cpe:2.3:o:microsoft:windows_11_25h2::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Windows 11 with the Microsoft security update for CVE‑2026‑20819 via Windows Update or WSUS.
Reduce the scope of local privileges that permit access to the VBS enclave, ensuring only trusted system components can invoke it.
Continuously monitor VBS logs for anomalous memory read activity and enforce least‑privilege policies on the host.

Generated by OpenCVE AI on April 18, 2026 at 06:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20819

History

Wed, 14 Jan 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2
CPEs		cpe:2.3:o:microsoft:windows_11_23h2:::::::: cpe:2.3:o:microsoft:windows_11_24h2:::::::: cpe:2.3:o:microsoft:windows_11_25h2::::::::
Vendors & Products		Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 25h2

Wed, 14 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.
Title		Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
First Time appeared		Microsoft Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 2h2
Weaknesses		CWE-822
CPEs		cpe:2.3:o:microsoft:windows_11_23H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_23H2:::::::x64:* cpe:2.3:o:microsoft:windows_11_24H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_2H2:::::::x64:*
Vendors & Products		Microsoft Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows 11 2h2
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20819
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Windows 11 23h2 Windows 11 23h2 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 2h2

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-01-13T17:56:15.181Z

Updated: 2026-04-01T13:48:24.012Z

Reserved: 2025-12-03T05:54:20.373Z

Link: CVE-2026-20819

Vulnrichment

Updated: 2026-01-13T19:39:04.651Z

NVD

Status : Analyzed

Published: 2026-01-13T18:16:08.983

Modified: 2026-01-14T20:33:03.647

Link: CVE-2026-20819

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses

CWE-822

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object