CVE-2026-20709
Use of Default Cryptographic Key in Intel Processors Enables Privilege Escalation
Publication date: 2026-04-08
Last updated on: 2026-04-08
Assigner: Intel Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | pentium_processor_silver_series | * |
| intel | celerion_processor_j_series | * |
| intel | celerion_processor_n_series | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1394 | The product uses a default cryptographic key for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a default cryptographic key embedded in the hardware of certain Intel processors, specifically the Pentium Processor Silver Series, Celeron Processor J Series, and Celeron Processor N Series.
An attacker who is a hardware reverse engineer with privileged user access and specialized internal knowledge can exploit this vulnerability to escalate their privileges on the system.
The attack requires physical access to the hardware and is considered high complexity, with no user interaction needed.
How can this vulnerability impact me?
This vulnerability can impact the confidentiality of the system at a high level, potentially allowing unauthorized access to sensitive information.
While the initial description states no impact on integrity and availability, subsequent impacts may include high integrity compromise.
Overall, the vulnerability may lead to escalation of privilege, compromising system confidentiality and integrity without affecting availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability impacts the confidentiality of the affected systems at a high level, which could potentially lead to unauthorized access to sensitive data.
Since standards and regulations like GDPR and HIPAA emphasize the protection of sensitive personal and health information, a compromise in confidentiality due to this vulnerability may affect compliance with these regulations.
However, the vulnerability requires physical access and a high complexity attack with privileged user access, which may limit the practical risk.