Description
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability is a double free bug in the Windows Win32K ICOMP component that can be triggered by an authorized attacker to elevate privileges locally. The flaw is classified as CWE-415. Allowing a local user to gain elevated system-level privileges can lead to full control over the affected device, bypassing normal security boundaries for local accounts.

Affected Systems

Affected deployments include Microsoft Windows 11 versions 22H3, 23H2, 24H2, and 25H2, as well as Windows Server 2022 and the upcoming Windows Server 2025. The issue exists in both x64 and arm64 builds, impacting full and Server Core installations. Any system running these OS releases without the vendor update is vulnerable.

Risk and Exploitability

The CVSS v3.1 baseline score is 7.0, ranking it as high severity. The EPSS score of less than 1% indicates that exploitation is expected to be very rare, and the vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker needs local user authorization to invoke the ICOMP routine. Once that condition is met, the double free can be leveraged to gain elevated privileges on the device.

Generated by OpenCVE AI on April 16, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update that addresses CVE-2026-20863 to all affected Windows 11 and Server 2022/2025 releases.
  • If immediate patching is not possible, enable Windows Defender Exploit Guard mitigations such as ASLR and DEP to add memory protection for the Win32K component.
  • Restrict use of applications or services that depend on the Win32K ICOMP subsystem, or reduce local user privileges that can invoke the vulnerable routine.

Generated by OpenCVE AI on April 16, 2026 at 18:12 UTC.

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 15:45:00 +0000

Type                  Values Removed  Values Added
First Time appeared                   Microsoft windows 11 23h2
                                      Microsoft windows 11 24h2
                                      Microsoft windows 11 25h2
                                      Microsoft windows Server 2022 23h2
CPEs                                  cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
                                      cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
                                      cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
                                      cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products                    Microsoft windows 11 23h2
                                      Microsoft windows 11 24h2
                                      Microsoft windows 11 25h2
                                      Microsoft windows Server 2022 23h2

Wed, 14 Jan 2026 05:15:00 +0000

Type                  Values Removed  Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 18:15:00 +0000

Type                  Values Removed  Values Added
Description                           Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Title                                 Win32k Elevation of Privilege Vulnerability
First Time appeared                   Microsoft
                                      Microsoft windows 11 23h2
                                      Microsoft windows 11 24h2
                                      Microsoft windows 11 25h2
                                      Microsoft windows Server 2022
                                      Microsoft windows Server 2025
                                      Microsoft windows Server 23h2
Weaknesses                            CWE-415
CPEs                                  cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
                                      cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
                                      cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
                                      cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
                                      cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
                                      cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
                                      cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products                    Microsoft
                                      Microsoft windows 11 23h2
                                      Microsoft windows 11 24h2
                                      Microsoft windows 11 25h2
                                      Microsoft windows Server 2022
                                      Microsoft windows Server 2025
                                      Microsoft windows Server 23h2
References
Metrics                               cvssV3_1
                                      {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:49:07.624Z

Reserved: 2025-12-03T05:54:20.381Z

Link: CVE-2026-20863

Vulnrichment

Updated: 2026-01-13T20:17:39.221Z

NVD

Status : Analyzed

Published: 2026-01-13T18:16:15.467

Modified: 2026-01-15T15:34:09.473

Link: CVE-2026-20863

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T18:15:43Z

Weaknesses