CVE-2026-20805

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Published Date

January 13, 2026

Last Modified

January 14, 2026

CWE ID

CWE-200

Source

NVD

Vendor

microsoft

Product

windows_10_1607