CVE-2026-20818
Sensitive Data Exposure via Log Injection in Windows Kernel
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves insertion of sensitive information into log files, which could lead to unauthorized local disclosure of sensitive data. This type of information disclosure may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive information and prevention of unauthorized access or disclosure. [1]
Can you explain this vulnerability to me?
This vulnerability involves the insertion of sensitive information into a log file within the Windows Kernel, which allows an unauthorized attacker to locally disclose that sensitive information. [1]
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure by allowing an unauthorized local attacker to access sensitive information that was improperly logged by the Windows Kernel. [1]