Description
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
Published: 2026-01-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Information Disclosure
Action: Assess Impact
AI Analysis

Impact

An out-of-bounds read in Capability Access Management Service (camsvc) permits an attacker who is already authorized on the system to read memory contents beyond the intended bounds. The flaw results in disclosure of sensitive data that the attacker can access locally and is classified as CWE-125 (Out-of-bounds Read). The impact is limited to disclosure of confidential information; it does not provide code execution or denial-of-service capabilities.

Affected Systems

Microsoft Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2022 23H2 Edition (Server Core installation), Windows Server 2025, and Windows Server 2025 (Server Core installation).

Risk and Exploitability

The vulnerability carries a CVSS score of 5.5 and an EPSS score of less than 1%, indicating moderate severity and a very low probability of exploitation. It is not listed in the CISA KEV catalog. The attack vector is local: an attacker must already have legitimate access to the host, with sufficient privileges to interact with the camsvc process. No public exploit has been reported, and the risk is confined to information disclosure within the local user's scope. The overall risk is moderate, with the primary concern being potential exposure of confidential data within the scope of the attacker's local permissions.

Generated by OpenCVE AI on April 16, 2026 at 08:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Microsoft security update for CVE-2026-20835 as soon as it becomes available.
  • Restrict local user privileges so that only trusted accounts can invoke or interact with Capability Access Management Service (camsvc).
  • Enable auditing for camsvc activity and monitor logs for unusual read operations or privilege escalation attempts.



Advisories

No advisories yet.

History

Thu, 15 Jan 2026 15:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Microsoft windows 11 24h2
                    |                | Microsoft windows 11 25h2
                    |                | Microsoft windows Server 2022 23h2
CPEs                |                | cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products  |                | Microsoft windows 11 24h2
                    |                | Microsoft windows 11 25h2
                    |                | Microsoft windows Server 2022 23h2

Wed, 14 Jan 2026 20:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 18:15:00 +0000

Type                | Values Removed | Values Added
Description         |                | Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
Title               |                | Capability Access Management Service (camsvc) Information Disclosure Vulnerability
First Time appeared |                | Microsoft
                    |                | Microsoft windows 11 24h2
                    |                | Microsoft windows 11 25h2
                    |                | Microsoft windows Server 2025
                    |                | Microsoft windows Server 23h2
Weaknesses          |                | CWE-125
CPEs                |                | cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
                    |                | cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
                    |                | cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products  |                | Microsoft
                    |                | Microsoft windows 11 24h2
                    |                | Microsoft windows 11 25h2
                    |                | Microsoft windows Server 2025
                    |                | Microsoft windows Server 23h2
References          |                |
Metrics             |                | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:48:33.099Z

Reserved: 2025-12-03T05:54:20.375Z

Link: CVE-2026-20835

Vulnrichment

Updated: 2026-01-13T19:37:01.811Z

NVD

Status: Analyzed

Published: 2026-01-13T18:16:11.660

Modified: 2026-01-15T15:05:28.833

Link: CVE-2026-20835

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T08:30:29Z

Weaknesses