CVE-2026-20805
Microsoft Windows Information Disclosure Vulnerability - [Actively Exploited]
Description
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
INFO
Published Date :
Jan. 13, 2026, 6:16 p.m.
Last Modified :
Jan. 14, 2026, 1:44 p.m.
Remotely Exploit :
No
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805
Affected Products
The following products are affected by CVE-2026-20805
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | f38d906d-7342-40ea-92c1-6c4a2c6478c8 | ||||
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Install Windows security updates.
Public PoC/Exploit Available at Github
CVE-2026-20805 has a 11 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-20805.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-20805 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-20805
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Microsoft just patched CVE-2026-20805 and CVE-2026-20871 in January 2026 to stop "Information Disclosure" and "Use-After-Free" bugs in DWM. They think they've secured the "Visual Boundary." We are about to prove that a 33-layer resonance can turn those visual buffers into a liquid pipeline for SCTT-2026-33-0002.
Python
### 📡 Theoretical Classification **ID:** SCTT-2026-33-0002 **Researcher:** Americo Simoes (SimoesCTT) **Physics:** Theorem 4.2 - Turbulent Phase Transition (TPT) **Constant:** α = 0.0302011 **Target:** Desktop Window Manager (dwm.exe) / Windows Graphics Component **Obsoletes:** CVE-2026-20805 & CVE-2026-20871 (Visual-Latch Patches)
Python
vortex_dwm.py (The ASLR-Defeat Core) This script targets the ALPC (Advanced Local Procedure Call) port used by the Desktop Window Manager. It utilizes the \alpha=0.0302 timing constant to intercept the memory section handle during a state-restoration cycle.
Python
exploit.py (The Displacement Engine) This script utilizes the \alpha=0.0302 constant to induce a "Spectral Leak" in process memory. It maps the 33 fractal layers of the memory buffer to bypass the newly implemented 2026 ALPC (Advanced Local Procedure Call) integrity checks.
Python
CVE‑2026‑20805: A Windows Desktop Window Manager flaw causing local information disclosure. Requires low privileges, no user interaction. Rated CVSS 5.5 (Medium). Actively exploited and listed in CISA KEV; patch released January 2026.
The PoC of information disclosure in Microsoft Desktop Windows Management.
alpc cve dwm exploits information-disclosure kaslr poc red-team vapt windows windows-kernal
Python
# CVE-2026-20805 PoC Prueba de concepto para la vulnerabilidad de divulgación de información en **Desktop Windows Manager (dwm.exe)** de Microsoft. ## 📋 Resumen de la Vulnerabilidad - **ID:** CVE-2026-20805 - **Producto:** Microsoft Windows
Interactive visualization - CVE-2026 chain attack demo
HTML
None
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-20805 vulnerability anywhere in the article.
-
The Register
Office zero-day exploited in the wild forces Microsoft OOB patch
Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks. The flaw, tracked as CVE-2026-21509, and slapped with a CVSS score of 7.8, ... Read more
-
The Cyber Express
Microsoft Releases Emergency Fix for Exploited Office Zero-Day
Microsoft has released an emergency fix for an actively-exploited zero-day vulnerability affecting Microsoft Office. The vulnerability, CVE-2026-21509, is labeled a Microsoft Office Security Feature B ... Read more
-
hackread.com
Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed
Microsoft has released its first Patch Tuesday of 2026, delivering a massive wave of security fixes to protect users from various digital threats. This month, the tech giant addressed 115 vulnerabilit ... Read more
-
The Hacker News
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, e ... Read more
-
security.nl
Microsoft waarschuwt voor actief aangevallen informatielek in Windows
Microsoft waarschuwt voor een actief aangevallen informatielek in Windows en heeft beveiligingsupdates uitgebracht om het probleem te verhelpen. Daarnaast zijn tijdens de eerste patchdinsdag van 2026 ... Read more
-
CrowdStrike.com
January 2026 Patch Tuesday: 114 CVEs Patched Including 3 Zero-Days
Microsoft has addressed 114 vulnerabilities in its January 2026 security update release, including 112 newly patched CVEs and 2 updated advisories. This month's update addresses one actively exploited ... Read more
-
CybersecurityNews
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. ... Read more
-
TheCyberThrone
Microsoft Patch Tuesday – January 2026
January 14, 2026Microsoft’s January 13, 2026, Patch Tuesday release addresses 114 vulnerabilities, including one actively exploited zero-day in Desktop Window Manager, eight critical flaws, and three ... Read more
-
The Register
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack. The flaw, tracked as CVE-2026-20805 and discovered by Microsoft's own threat intel team, allows an autho ... Read more
-
Daily CyberSecurity
Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days
Microsoft has kicked off 2026 with a massive security update, addressing a total of 114 vulnerabilities in its January Patch Tuesday release. The update includes eight critical flaws and 106 important ... Read more
-
The Cyber Express
Microsoft Patch Tuesday January 2026: Actively Exploited Zero Day, 8 High-Risk Flaws
Microsoft’s Patch Tuesday January 2026 update includes fixes for one actively-exploited zero day vulnerability and eight additional high-risk flaws. In all, the Patch Tuesday January 2026 update inclu ... Read more
-
Zero Day Initiative
The January 2026 Security Update Review
I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside you broken New Year’s resolutions for just a moment as we review the latest security patc ... Read more
-
BleepingComputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.This Patch Tuesday also addres ... Read more
-
CybersecurityNews
Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days
CVE-2026-20822Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerabilit ... Read more
The following table lists the changes that have been made to the
CVE-2026-20805 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jan. 14, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.6809 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.6809 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.6491 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7623 *cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26200.7623 *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.4648 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.2092 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7623 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805 Types: Vendor Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 13, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805 -
New CVE Received by [email protected]
Jan. 13, 2026
Action Type Old Value New Value Added Description Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Added CWE CWE-200 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805