CVE-2026-20931

Summary

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8783affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.8276affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6809affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6809affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.6491affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.6491affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.7623affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.7623affected
MicrosoftWindows Server 2008 R2 Service Pack 16.1.7601.0 < 6.1.7601.28117affected
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 < 6.1.7601.28117affected
MicrosoftWindows Server 2008 Service Pack 26.0.6003.0 < 6.0.6003.23717affected
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 < 6.0.6003.23717affected
MicrosoftWindows Server 20126.2.9200.0 < 6.2.9200.25868affected
MicrosoftWindows Server 2012 (Server Core installation)6.2.9200.0 < 6.2.9200.25868affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.22968affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.22968affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.8783affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.8783affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.8276affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.8276affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4648affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.2092affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.32230affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.32230affected

Weaknesses

  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References