CVE-2026-20838
Information Disclosure via Error Messages in Windows Kernel
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Windows Kernel generating error messages that contain sensitive information. An authorized attacker with local access can exploit this to disclose sensitive information. [1]
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure, allowing an authorized local attacker to access sensitive information that should not be exposed. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local disclosure of sensitive information through error messages in the Windows Kernel, which could potentially lead to non-compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA. However, specific impacts on compliance are not detailed in the provided resources. [1]