Autor: Peter Leibling

CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-20920 Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

CVE-2026-20833 Windows Kerberos Information Disclosure Vulnerability

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

CVE-2026-20937 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20922 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-20873 Windows Management Services Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

CVE-2026-20959 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation (‚cross-site scripting‘) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.