Description
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw in the Windows Win32K kernel component’s ICOMP interface, categorized as CWE‑416. A malicious actor who already has local access can craft an operation that frees memory and subsequently reuses it, allowing the execution of arbitrary code with kernel‑level privileges. The improper handling of freed memory permits the attacker to bypass normal privilege boundaries and elevate their permissions to system‑level access.

Affected Systems

Affected vendors and products are Microsoft Windows 11 versions 23H2 and 22H3, as well as Microsoft Windows Server 2022, including the 23H2 Server Core edition. All systems running the Win32K component within these revisions are potentially vulnerable.

Risk and Exploitability

The CVSS score for this issue is 7.8, reflecting a high severity, while the EPSS score is below 1%, indicating a low current exploit probability. The vulnerability is not listed in the CISA KEV catalog. Attackers require local presence and the ability to invoke the ICOMP interface; no remote execution vector is documented. When triggered, the use‑after‑free can allow kernel‑level code execution, leading to full system compromise.

Generated by OpenCVE AI on April 18, 2026 at 06:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE‑2026‑20920 through Windows Update or the Microsoft Security Response Center update guide.
  • Reboot affected systems to load the patched kernel and ensure the changes take effect.
  • Configure Windows Update to deploy kernel updates automatically and run periodic vulnerability scans to verify patch status.


Advisories

No advisories yet.

History

Thu, 15 Jan 2026 21:30:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Microsoft windows 11 23h2
                                        Microsoft windows Server 2022 23h2
CPEs                                    cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
                                        cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products                      Microsoft windows 11 23h2
                                        Microsoft windows Server 2022 23h2

Tue, 13 Jan 2026 19:15:00 +0000

Type                  Values Removed    Values Added
Metrics                                 ssvc
                                        {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 18:15:00 +0000

Type                  Values Removed    Values Added
Description                             Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Title                                   Win32k Elevation of Privilege Vulnerability
First Time appeared                     Microsoft
                                        Microsoft windows 11 23h2
                                        Microsoft windows Server 2022
                                        Microsoft windows Server 23h2
Weaknesses                              CWE-416
CPEs                                    cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
                                        cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
                                        cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
                                        cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products                      Microsoft
                                        Microsoft windows 11 23h2
                                        Microsoft windows Server 2022
                                        Microsoft windows Server 23h2
References
Metrics                                 cvssV3_1
                                        {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:48:48.091Z

Reserved: 2025-12-04T20:04:16.335Z

Link: CVE-2026-20920

Vulnrichment

Updated: 2026-01-13T19:10:40.019Z

NVD

Status : Analyzed

Published: 2026-01-13T18:16:18.303

Modified: 2026-01-15T21:16:36.287

Link: CVE-2026-20920

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses