Description
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An untrusted pointer dereference within Windows Virtualization-Based Security (VBS) enclaves permits an authorized attacker to elevate privileges on a local system. This flaw exploits the enclave’s memory handling to bypass security checks, enabling the attacker to gain higher privileges, potentially compromising system integrity and confidentiality. The weakness is identified as CWE-822, reflecting improper validation of user-controlled data before dereferencing.

Affected Systems

Microsoft Windows 11 is affected in its 23H2, 24H2, 25H2, and 22H3 releases. The vulnerability spans both x64 and ARM64 architectures for these build versions.

Risk and Exploitability

The CVSS score of 7.8 indicates moderate to high severity, while the EPSS score of less than 1% suggests a low probability of current exploitation. The flaw is not cataloged in CISA’s Known Exploited Vulnerabilities list, implying no publicly available exploits at the moment. Nevertheless, the local attack vector requires an authorized attacker—such as a user with foothold or existing local access—to trigger the pointer attack, potentially leading to full privilege escalation on the compromised machine.

Generated by OpenCVE AI on April 16, 2026 at 08:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Microsoft’s security update for CVE‑2026‑20938 as soon as it becomes available.
  • If a patch is delayed, disable Virtualization‑Based Security or the specific enclave features that access the vulnerable code paths to eliminate the attack surface.
  • Implement least privilege policies to restrict the rights of user accounts that may gain local access, reducing the impact of any successful escalation.
  • Regularly scan for indicators of exploitation and monitor system logs for unexpected privilege changes.
  • Maintain up‑to‑date system backups to allow rapid recovery if an attack succeeds.

Generated by OpenCVE AI on April 16, 2026 at 08:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 16 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
CPEs cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
Vendors & Products Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2

Wed, 14 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Description Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Title Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 2h2
Weaknesses CWE-822
CPEs cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*
Vendors & Products Microsoft
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 2h2
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 23h2 Windows 11 23h2 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 2h2
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:48:53.770Z

Reserved: 2025-12-04T20:04:16.337Z

Link: CVE-2026-20938

cve-icon Vulnrichment

Updated: 2026-01-13T19:33:04.337Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-13T18:16:20.980

Modified: 2026-01-16T15:47:57.130

Link: CVE-2026-20938

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T08:30:29Z

Weaknesses