Description
Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation via VBS Enclave heap overflow
Action: Immediate Patch
AI Analysis

Impact

A heap-based buffer overflow in the Windows Virtualization-Based Security (VBS) enclave allows an attacker who already has local access to elevate privileges. The flaw enables the attacker to corrupt memory within the enclave runtime and execute arbitrary code with higher privilege levels, potentially compromising system integrity and confidentiality.

Affected Systems

Affected Microsoft products include Windows 11 versions 22H3, 23H2, 24H2, and 25H2, as well as Microsoft Windows Server 2022 23H2 (Server Core), Windows Server 2025, and Windows Server 2025 Server Core installations. These versions run on both x64 and arm64 architectures.

Risk and Exploitability

The CVSS score is 6.7, indicating medium severity, while the EPSS score is below 1%, suggesting a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Attackers need local authorization to trigger the heap overflow, implying that prevention hinges on limiting local privileged access and applying the vendor patch as soon as feasible.

Generated by OpenCVE AI on April 16, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Windows update that fixes CVE-2026-20876 on all affected Windows 11 and Windows Server systems
  • If the patch cannot be applied immediately, disable the VBS enclave feature on workloads that do not require it until remediation is possible
  • Review and restrict local administrative accounts, removing unnecessary privileged users to reduce the window for an authorized attacker

Generated by OpenCVE AI on April 16, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 16 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 15 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2022 23h2
CPEs cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2022 23h2

Tue, 13 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Description Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Title Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Microsoft windows Server 23h2
Weaknesses CWE-122
CPEs cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Microsoft windows Server 23h2
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 23h2 Windows 11 23h2 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows Server 2022 23h2 Windows Server 2025 Windows Server 23h2
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:48:45.435Z

Reserved: 2025-12-03T05:54:20.389Z

Link: CVE-2026-20876

cve-icon Vulnrichment

Updated: 2026-01-13T19:34:36.913Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-13T18:16:17.650

Modified: 2026-01-15T21:28:22.290

Link: CVE-2026-20876

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T08:30:29Z

Weaknesses