CVE-2026-20860
Unknown
Unknown - Not Provided
Type Confusion in Windows WinSock Driver Enables Local Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Microsoft Corporation
Description
Description
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_ancillary_function_driver_for_winsock | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a type confusion issue in the Windows Ancillary Function Driver for WinSock. It allows an authorized local attacker to access resources using an incompatible type, which can lead to privilege escalation on the affected system.
How can this vulnerability impact me? :
An attacker who already has some level of access to the system could exploit this vulnerability to elevate their privileges, potentially gaining higher-level permissions and control over the system, which could lead to unauthorized actions and compromise of system integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70