CVE-2026-20962

Unknown Unknown - Not Provided

Uninitialized Resource Disclosure in Microsoft DRTM Component

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Microsoft Corporation

Description

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-13

Last Modified

2026-01-13

Generated

2026-05-07

AI Q&A

2026-01-14

EPSS Evaluated

2026-05-05

NVD

CVE-2026-20962

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	dynamic_root_of_trust_for_measurement	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-908	The product uses or accesses a resource that has not been initialized.

Attack-Flow Graph

AI Powered Q&A

How can this vulnerability impact me? :

The vulnerability can lead to local information disclosure by an authorized attacker, potentially exposing sensitive data. [1]

Can you explain this vulnerability to me?

This vulnerability involves the use of an uninitialized resource in the Dynamic Root of Trust for Measurement (DRTM), which allows an authorized attacker to locally disclose information. [1]

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-20962

Uninitialized Resource Disclosure in Microsoft DRTM Component

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart