CVE-2026-20869
HIGHWindows Local Session Manager - Privilege Escalation
Title source: llmDescription
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
Scores
CVSS v3
7.0
EPSS
0.0003
EPSS Percentile
6.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-362
Status
published
Affected Products (19)
microsoft/windows_10_1607
< 10.0.14393.8783
microsoft/windows_10_1607
< 10.0.14393.8783
microsoft/windows_10_1809
< 10.0.17763.8276
microsoft/windows_10_1809
< 10.0.17763.8276
microsoft/windows_10_21h2
< 10.0.19044.6809
microsoft/windows_10_22h2
< 10.0.19045.6809
microsoft/windows_11_23h2
< 10.0.22631.6491
microsoft/windows_11_24h2
< 10.0.26100.7623
microsoft/windows_11_25h2
< 10.0.26200.7623
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_server_2016
< 10.0.14393.8783
... and 4 more
Timeline
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026