Description
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A use‑after‑free flaw in Windows kernel‑mode drivers allows an authorized user to raise privileges locally, potentially enabling the execution of arbitrary code with elevated rights. This vulnerability is classified as CWE‑416.

Affected Systems

Affected systems include Microsoft Windows 11 versions 24H2 and 25H2, as well as Microsoft Windows Server 2025, including Server Core installations.

Risk and Exploitability

The CVSS base score of 7.8 rates this local privilege escalation as high severity. The EPSS score of less than 1% suggests that exploitation is unlikely at this time, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires local access and an authorized user context to trigger the use‑after‑free condition, consistent with the AV:L and PR:L components of the CVSS vector. Once exploited, the attacker could obtain system‑wide privileges, compromising confidentiality, integrity, and availability of the affected machine.

Generated by OpenCVE AI on April 18, 2026 at 06:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Microsoft cumulative update that addresses CVE-2026-20859 for all affected Windows 11 and Windows Server 2025 installations.
  • After applying the update, reboot the system to ensure the kernel component containing the fix is loaded.
  • If the update cannot be applied immediately, limit the use of local privileged accounts and consider blocking the loading of the affected drivers through device driver signing enforcement or the Device Installation Restrictions policy.



Advisories

No advisories yet.

History

Thu, 15 Jan 2026 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft windows 11 24h2; Microsoft windows 11 25h2
CPEs | | cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft windows 11 24h2; Microsoft windows 11 25h2

Thu, 15 Jan 2026 00:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Title | | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
First Time appeared | | Microsoft; Microsoft windows 11 24h2; Microsoft windows 11 25h2; Microsoft windows Server 2025
Weaknesses | | CWE-416
CPEs | | cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*; cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*; cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft windows 11 24h2; Microsoft windows 11 25h2; Microsoft windows Server 2025
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:48:42.041Z

Reserved: 2025-12-03T05:54:20.380Z

Link: CVE-2026-20859

Vulnrichment

Updated: 2026-01-13T19:35:18.815Z

NVD

Status: Analyzed

Published: 2026-01-13T18:16:14.810

Modified: 2026-01-15T15:27:06.083

Link: CVE-2026-20859

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses