Threat Entry Updated 2026-01-15

CVE-2026-20824 - Windows Server 2016 Plugin

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.

PLUGIN Windows Server 2016

CVE-2026-20824

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-15

CVE-2026-20823 - Windows Server 2016 Plugin

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

PLUGIN Windows Server 2016

CVE-2026-20823

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20816 - Windows Server 2016 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

PLUGIN Windows Server 2016

CVE-2026-20816

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20814 - Windows Server 2016 Plugin

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

PLUGIN Windows Server 2016

CVE-2026-20814

HIGH CVSS 7.0 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20818 - Windows Server 2016 Plugin

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

PLUGIN Windows Server 2016

CVE-2026-20818

MEDIUM CVSS 6.2 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20809 - Windows Server 2016 Plugin

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

PLUGIN Windows Server 2016

CVE-2026-20809

HIGH CVSS 7.8 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20812 - Windows Server 2016 Plugin

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

PLUGIN Windows Server 2016

CVE-2026-20812

MEDIUM CVSS 6.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20805 - Windows Server 2016 Plugin

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

PLUGIN Windows Server 2016

CVE-2026-20805

MEDIUM CVSS 5.5 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-20804 - Windows Server 2016 Plugin

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

PLUGIN Windows Server 2016

CVE-2026-20804

HIGH CVSS 7.7 2026-01-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-14

CVE-2026-0386 - Windows Server 2016 Plugin

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

PLUGIN Windows Server 2016

CVE-2026-0386

HIGH CVSS 7.5 2026-01-13

Risk Score

Open Full Technical Breakdown