CVE-2026-20860
HIGHWindows Ancillary Function Driver - Privilege Escalation
Title source: llmDescription
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-843
Status
published
Affected Products (19)
microsoft/windows_10_1607
< 10.0.14393.8783
microsoft/windows_10_1607
< 10.0.14393.8783
microsoft/windows_10_1809
< 10.0.17763.8276
microsoft/windows_10_1809
< 10.0.17763.8276
microsoft/windows_10_21h2
< 10.0.19044.6809
microsoft/windows_10_22h2
< 10.0.19045.6809
microsoft/windows_11_23h2
< 10.0.22631.6491
microsoft/windows_11_24h2
< 10.0.26100.7623
microsoft/windows_11_25h2
< 10.0.26200.7623
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_server_2016
< 10.0.14393.8783
... and 4 more
Timeline
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026