CVE-2026-20833
MEDIUMWindows Kerberos - Info Disclosure
Title source: llmDescription
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
Exploits (1)
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
10.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (25)
microsoft/windows_server_2008
(2 CPE variants)
microsoft/windows_server_2008
r2 sp1
Microsoft/Windows Server 2008 R2 Service Pack 1
6.1.7601.0 - 6.1.7601.28117
Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)
6.1.7601.0 - 6.1.7601.28117
Microsoft/Windows Server 2008 Service Pack 2
6.0.6003.0 - 6.0.6003.23717
Microsoft/Windows Server 2008 Service Pack 2 (Server Core installation)
6.0.6003.0 - 6.0.6003.23717
Microsoft/Windows Server 2012
6.2.9200.0 - 6.2.9200.25868
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
Microsoft/Windows Server 2012 R2
6.3.9600.0 - 6.3.9600.22968
... and 15 more
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026