Author: Peter Leibling

CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

[NEW] [critical] Fortinet FortiSIEM: Vulnerability allows execution of arbitrary code with the privileges of the service

A remote, anonymous attacker can exploit a vulnerability in Fortinet FortiSIEM to execute arbitrary code with the privileges of the service.

[NEW] [medium] Fortinet FortiVoice: Vulnerability allows manipulation of files

A remote, authenticated attacker can exploit a vulnerability in Fortinet FortiVoice to manipulate or delete files.

CVE-2026-20951 Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2026-20863 Win32k Elevation of Privilege Vulnerability

Double free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20851 Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.

CVE-2026-20940 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.