1. Home
  2. Vulnerabilities
  3. CVE-2026-20805
Known Exploited Vulnerability
5.5
MEDIUM CVSS 3.1
CVE-2026-20805
Microsoft Windows Information Disclosure Vulnerability - [Actively Exploited]
Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

INFO

Published Date :

Jan. 13, 2026, 6:16 p.m.

Last Modified :

Jan. 14, 2026, 1:44 p.m.

Remotely Exploit :

No

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805

Affected Products

The following products are affected by CVE-2026-20805 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2012
2 Microsoft windows_server_2016
3 Microsoft windows_server_2019
4 Microsoft windows_10_1607
5 Microsoft windows_10_1809
6 Microsoft windows_10_21h2
7 Microsoft windows_10_22h2
8 Microsoft windows_server_2022
9 Microsoft windows_11_23h2
10 Microsoft windows_server_2022_23h2
11 Microsoft windows_server_23h2
12 Microsoft windows_server_2012_r2
13 Microsoft windows_11_24h2
14 Microsoft windows_server_2025
15 Microsoft windows_11_25h2
: Total Affected Vendor : 1 | Products : 15
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM f38d906d-7342-40ea-92c1-6c4a2c6478c8
CVSS 3.1 MEDIUM [email protected]
Solution
Install the latest Windows security updates to address this vulnerability.
  • Install Windows security updates.
Public PoC/Exploit Available at Github

CVE-2026-20805 has a 11 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-20805.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805 Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-20805 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-20805 weaknesses.

CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-59: Session Credential Falsification through Prediction Session Credential Falsification through Prediction CAPEC-60: Reusing Session IDs (aka Session Replay) Reusing Session IDs (aka Session Replay) CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-116: Excavation Excavation CAPEC-169: Footprinting Footprinting CAPEC-224: Fingerprinting Fingerprinting CAPEC-285: ICMP Echo Request Ping ICMP Echo Request Ping CAPEC-287: TCP SYN Scan TCP SYN Scan CAPEC-290: Enumerate Mail Exchange (MX) Records Enumerate Mail Exchange (MX) Records CAPEC-291: DNS Zone Transfers DNS Zone Transfers CAPEC-292: Host Discovery Host Discovery CAPEC-293: Traceroute Route Enumeration Traceroute Route Enumeration CAPEC-294: ICMP Address Mask Request ICMP Address Mask Request CAPEC-295: Timestamp Request Timestamp Request CAPEC-296: ICMP Information Request ICMP Information Request CAPEC-297: TCP ACK Ping TCP ACK Ping CAPEC-298: UDP Ping UDP Ping CAPEC-299: TCP SYN Ping TCP SYN Ping CAPEC-300: Port Scanning Port Scanning CAPEC-301: TCP Connect Scan TCP Connect Scan CAPEC-302: TCP FIN Scan TCP FIN Scan CAPEC-303: TCP Xmas Scan TCP Xmas Scan CAPEC-304: TCP Null Scan TCP Null Scan CAPEC-305: TCP ACK Scan TCP ACK Scan CAPEC-306: TCP Window Scan TCP Window Scan CAPEC-307: TCP RPC Scan TCP RPC Scan CAPEC-308: UDP Scan UDP Scan CAPEC-309: Network Topology Mapping Network Topology Mapping CAPEC-310: Scanning for Vulnerable Software Scanning for Vulnerable Software CAPEC-312: Active OS Fingerprinting Active OS Fingerprinting CAPEC-313: Passive OS Fingerprinting Passive OS Fingerprinting CAPEC-317: IP ID Sequencing Probe IP ID Sequencing Probe CAPEC-318: IP 'ID' Echoed Byte-Order Probe IP 'ID' Echoed Byte-Order Probe CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe IP (DF) 'Don't Fragment Bit' Echoing Probe CAPEC-320: TCP Timestamp Probe TCP Timestamp Probe CAPEC-321: TCP Sequence Number Probe TCP Sequence Number Probe CAPEC-322: TCP (ISN) Greatest Common Divisor Probe TCP (ISN) Greatest Common Divisor Probe CAPEC-323: TCP (ISN) Counter Rate Probe TCP (ISN) Counter Rate Probe CAPEC-324: TCP (ISN) Sequence Predictability Probe TCP (ISN) Sequence Predictability Probe CAPEC-325: TCP Congestion Control Flag (ECN) Probe TCP Congestion Control Flag (ECN) Probe CAPEC-326: TCP Initial Window Size Probe TCP Initial Window Size Probe CAPEC-327: TCP Options Probe TCP Options Probe CAPEC-328: TCP 'RST' Flag Checksum Probe TCP 'RST' Flag Checksum Probe CAPEC-329: ICMP Error Message Quoting Probe ICMP Error Message Quoting Probe CAPEC-330: ICMP Error Message Echoing Integrity Probe ICMP Error Message Echoing Integrity Probe CAPEC-472: Browser Fingerprinting Browser Fingerprinting CAPEC-497: File Discovery File Discovery CAPEC-508: Shoulder Surfing Shoulder Surfing CAPEC-573: Process Footprinting Process Footprinting CAPEC-574: Services Footprinting Services Footprinting CAPEC-575: Account Footprinting Account Footprinting CAPEC-576: Group Permission Footprinting Group Permission Footprinting CAPEC-577: Owner Footprinting Owner Footprinting CAPEC-616: Establish Rogue Location Establish Rogue Location CAPEC-643: Identify Shared Files/Directories on System Identify Shared Files/Directories on System CAPEC-646: Peripheral Footprinting Peripheral Footprinting CAPEC-651: Eavesdropping Eavesdropping

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
SimoesCTT/The-SCTT-Master-Registry

None

Updated: 2 days, 23 hours ago
0 stars 0 fork 0 watcher
Born at : Jan. 31, 2026, 7:15 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
SimoesCTT/SCTT-2026-33-0002-DWM-Visual-Field-Singularity

Microsoft just patched CVE-2026-20805 and CVE-2026-20871 in January 2026 to stop "Information Disclosure" and "Use-After-Free" bugs in DWM. They think they've secured the "Visual Boundary." We are about to prove that a 33-layer resonance can turn those visual buffers into a liquid pipeline for SCTT-2026-33-0002.

Python

Updated: 3 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 31, 2026, 6:52 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
SimoesCTT/-SCTT-2026-33-0002-DWM-Visual-Field-Singularity

### 📡 Theoretical Classification **ID:** SCTT-2026-33-0002 **Researcher:** Americo Simoes (SimoesCTT) **Physics:** Theorem 4.2 - Turbulent Phase Transition (TPT) **Constant:** α = 0.0302011 **Target:** Desktop Window Manager (dwm.exe) / Windows Graphics Component **Obsoletes:** CVE-2026-20805 & CVE-2026-20871 (Visual-Latch Patches)

Python

Updated: 3 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 31, 2026, 6:40 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
SimoesCTT/Vortex-DWM-ASLR-Killer

vortex_dwm.py (The ASLR-Defeat Core) ​This script targets the ALPC (Advanced Local Procedure Call) port used by the Desktop Window Manager. It utilizes the \alpha=0.0302 timing constant to intercept the memory section handle during a state-restoration cycle.

Python

Updated: 3 days, 19 hours ago
0 stars 0 fork 0 watcher
Born at : Jan. 30, 2026, 11:20 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
SimoesCTT/CTT-Memory-Vortex-20805

exploit.py (The Displacement Engine) ​This script utilizes the \alpha=0.0302 constant to induce a "Spectral Leak" in process memory. It maps the 33 fractal layers of the memory buffer to bypass the newly implemented 2026 ALPC (Advanced Local Procedure Call) integrity checks.

Python

Updated: 3 days, 21 hours ago
0 stars 0 fork 0 watcher
Born at : Jan. 30, 2026, 9:54 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
mrk336/Inside-CVE-2026-20805-How-a-Windows-DWM-Flaw-Exposed-Sensitive-Data

CVE‑2026‑20805: A Windows Desktop Window Manager flaw causing local information disclosure. Requires low privileges, no user interaction. Rated CVSS 5.5 (Medium). Actively exploited and listed in CISA KEV; patch released January 2026.

Updated: 6 days, 3 hours ago
0 stars 0 fork 0 watcher
Born at : Jan. 28, 2026, 3:50 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
Uzair-Baig0900/CVE-2026-20805-PoC

The PoC of information disclosure in Microsoft Desktop Windows Management.

alpc cve dwm exploits information-disclosure kaslr poc red-team vapt windows windows-kernal

Python

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Jan. 19, 2026, 7:16 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
fevar54/CVE-2026-20805-POC

# CVE-2026-20805 PoC Prueba de concepto para la vulnerabilidad de divulgación de información en **Desktop Windows Manager (dwm.exe)** de Microsoft. ## 📋 Resumen de la Vulnerabilidad - **ID:** CVE-2026-20805 - **Producto:** Microsoft Windows

Updated: 2 weeks, 4 days ago
5 stars 1 fork 1 watcher
Born at : Jan. 14, 2026, 1:26 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
MehdiLeDeaut/CVE-2026-Dashboard

Interactive visualization - CVE-2026 chain attack demo

HTML

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 14, 2026, 11:12 a.m. This repo has been linked 4 different CVEs too.
Profile Photo
wkaandemir/Guvenlik-Rehberi

None

Updated: 21 hours, 56 minutes ago
21 stars 3 fork 3 watcher
Born at : Dec. 10, 2025, 4:24 p.m. This repo has been linked 20 different CVEs too.
Profile Photo
peterjiang36/peterjiang36

None

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Dec. 22, 2024, 7:16 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-20805 vulnerability anywhere in the article.

  • The Register
Office zero-day exploited in the wild forces Microsoft OOB patch

Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks. The flaw, tracked as CVE-2026-21509, and slapped with a CVSS score of 7.8, ... Read more

Published Date: Jan 27, 2026 (6 days, 20 hours ago)
  • The Cyber Express
Microsoft Releases Emergency Fix for Exploited Office Zero-Day

Microsoft has released an emergency fix for an actively-exploited zero-day vulnerability affecting Microsoft Office. The vulnerability, CVE-2026-21509, is labeled a Microsoft Office Security Feature B ... Read more

Published Date: Jan 26, 2026 (1 week ago)
  • hackread.com
Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed

Microsoft has released its first Patch Tuesday of 2026, delivering a massive wave of security fixes to protect users from various digital threats. This month, the tech giant addressed 115 vulnerabilit ... Read more

Published Date: Jan 14, 2026 (2 weeks, 5 days ago)
  • The Hacker News
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, e ... Read more

Published Date: Jan 14, 2026 (2 weeks, 5 days ago)
  • security.nl
Microsoft waarschuwt voor actief aangevallen informatielek in Windows

Microsoft waarschuwt voor een actief aangevallen informatielek in Windows en heeft beveiligingsupdates uitgebracht om het probleem te verhelpen. Daarnaast zijn tijdens de eerste patchdinsdag van 2026 ... Read more

Published Date: Jan 14, 2026 (2 weeks, 5 days ago)
  • CrowdStrike.com
January 2026 Patch Tuesday: 114 CVEs Patched Including 3 Zero-Days

Microsoft has addressed 114 vulnerabilities in its January 2026 security update release, including 112 newly patched CVEs and 2 updated advisories. This month's update addresses one actively exploited ... Read more

Published Date: Jan 14, 2026 (2 weeks, 6 days ago)
  • CybersecurityNews
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild

Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. ... Read more

Published Date: Jan 14, 2026 (2 weeks, 6 days ago)
  • TheCyberThrone
Microsoft Patch Tuesday – January 2026

January 14, 2026Microsoft’s January 13, 2026, Patch Tuesday release addresses 114 vulnerabilities, including one actively exploited zero-day in Desktop Window Manager, eight critical flaws, and three ... Read more

Published Date: Jan 14, 2026 (2 weeks, 6 days ago)
  • The Register
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack. The flaw, tracked as CVE-2026-20805 and discovered by Microsoft's own threat intel team, allows an autho ... Read more

Published Date: Jan 14, 2026 (2 weeks, 6 days ago)
  • Daily CyberSecurity
Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days

Microsoft has kicked off 2026 with a massive security update, addressing a total of 114 vulnerabilities in its January Patch Tuesday release. The update includes eight critical flaws and 106 important ... Read more

Published Date: Jan 14, 2026 (2 weeks, 6 days ago)
  • The Cyber Express
Microsoft Patch Tuesday January 2026: Actively Exploited Zero Day, 8 High-Risk Flaws

Microsoft’s Patch Tuesday January 2026 update includes fixes for one actively-exploited zero day vulnerability and eight additional high-risk flaws. In all, the Patch Tuesday January 2026 update inclu ... Read more

Published Date: Jan 13, 2026 (2 weeks, 6 days ago)
  • Zero Day Initiative
The January 2026 Security Update Review

I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside you broken New Year’s resolutions for just a moment as we review the latest security patc ... Read more

Published Date: Jan 13, 2026 (2 weeks, 6 days ago)
  • BleepingComputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws

Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.This Patch Tuesday also addres ... Read more

Published Date: Jan 13, 2026 (2 weeks, 6 days ago)
  • CybersecurityNews
Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days

CVE-2026-20822Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerabilit ... Read more

Published Date: Jan 13, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-20805 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 14, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.6809 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.6809 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.6491 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7623 *cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26200.7623 *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8783 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.8276 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.4648 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.2092 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7623
    Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805 Types: Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jan. 13, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805
  • New CVE Received by [email protected]

    Jan. 13, 2026

    Action Type Old Value New Value
    Added Description Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    Added CWE CWE-200
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact