
CVE-2026-20808

Published: 2026-01-13 18:16:07 | Last modified: 2026-01-14 20:10:30

HIGH CVSS 7.0
No EPSS data

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

CVSS details

Severity
high
Score
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

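This CVE is not currently listed in the EPSS dataset, so no exploitation-probability estimate is available for it. A missing EPSS score is not an indication of low risk; prioritize using the CVSS vector above and the vendor advisory.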

{
    "cve": {
        "id": "CVE-2026-20808",
        "cveTags": [],
        "metrics": {
            "cvssMetricV31": [
                {
                    "type": "Primary",
                    "source": "secure@microsoft.com",
                    "cvssData": {
                        "scope": "UNCHANGED",
                        "version": "3.1",
                        "baseScore": 7,
                        "attackVector": "LOCAL",
                        "baseSeverity": "HIGH",
                        "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "integrityImpact": "HIGH",
                        "userInteraction": "NONE",
                        "attackComplexity": "HIGH",
                        "availabilityImpact": "HIGH",
                        "privilegesRequired": "LOW",
                        "confidentialityImpact": "HIGH"
                    },
                    "impactScore": 5.9,
                    "exploitabilityScore": 1
                }
            ]
        },
        "published": "2026-01-13T18:16:07.197",
        "references": [
            {
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20808",
                "tags": [
                    "Vendor Advisory"
                ],
                "source": "secure@microsoft.com"
            }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
            {
                "type": "Primary",
                "source": "secure@microsoft.com",
                "description": [
                    {
                        "lang": "en",
                        "value": "CWE-362"
                    }
                ]
            }
        ],
        "descriptions": [
            {
                "lang": "en",
                "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally."
            }
        ],
        "lastModified": "2026-01-14T20:10:29.687",
        "configurations": [
            {
                "nodes": [
                    {
                        "negate": false,
                        "cpeMatch": [
                            {
                                "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
                                "vulnerable": true,
                                "matchCriteriaId": "D249551B-1433-4E5E-A587-40F782E91E09",
                                "versionEndExcluding": "10.0.26100.7623"
                            },
                            {
                                "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
                                "vulnerable": true,
                                "matchCriteriaId": "22082D4E-E68F-4E48-98FB-42DFDEE2E2A8",
                                "versionEndExcluding": "10.0.26200.7623"
                            },
                            {
                                "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
                                "vulnerable": true,
                                "matchCriteriaId": "BA5947E0-C44C-4517-A307-DA79752F30A8",
                                "versionEndExcluding": "10.0.25398.2092"
                            },
                            {
                                "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                                "vulnerable": true,
                                "matchCriteriaId": "D44880ED-E8E9-49A8-BD56-503C63D40000",
                                "versionEndExcluding": "10.0.26100.32230"
                            }
                        ],
                        "operator": "OR"
                    }
                ]
            }
        ],
        "sourceIdentifier": "secure@microsoft.com"
    }
}