MICROSOFT-CVE-2026-20826

HIGH7.8

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Published Jan 13, 2026

Modified Yesterday

Details

Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.

References

ADVISORY

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20826

CVSS Analysis

CVSS v2.0

7.8

Upstream

CVE-2026-20826

Ecosystems

Timeline

PublishedJan 13, 2026

ModifiedApr 30, 2026