Vulnerability Identifier

CVE-2026-20815

2026-01-13

Severity Assessment

7.0

HIGH

CVSS v3.x Score

Clinical Analysis (Description)

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Vector Sequencing

Attack Parameters

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Impact Consequences

Technical Impact

Unchanged

Scope

High

Confidentiality

High

Integrity

High

Availability

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Classification

CWE-CWE-362

View CWE Details ↗

Affected Population

Affected Configurations

Total: 55 detected entries

Software List Scrollable

windows_server_2025

Vendor: microsoft • v10.0.26100.7623

windows_server_2025

Vendor: microsoft • v10.0.26100.6563

windows_server_2025

Vendor: microsoft • v10.0.26100.4652

windows_server_2025

Vendor: microsoft • v10.0.26100.6899

windows_server_2025

Vendor: microsoft • v10.0.26100.4061

windows_11_24h2

Vendor: microsoft • v10.0.26100.3981

windows_11_24h2

Vendor: microsoft • v10.0.26100.4061

windows_server_2025

Vendor: microsoft • v10.0.26100.3194

windows_server_2025

Vendor: microsoft • v10.0.26100.6508

windows_11_25h2

Vendor: microsoft • v10.0.26200.7171

windows_11_24h2

Vendor: microsoft • v10.0.26100.3403

windows_11_24h2

Vendor: microsoft • v10.0.26100.7171

windows_server_2025

Vendor: microsoft • v10.0.26100.2314

windows_11_24h2

Vendor: microsoft • v10.0.26100.4851

windows_11_24h2

Vendor: microsoft • v10.0.26100.2314

windows_server_2025

Vendor: microsoft • v10.0.26100.4270

windows_server_2025

Vendor: microsoft • v10.0.26100.3981

windows_server_2025

Vendor: microsoft • v10.0.26100.2605

windows_11_24h2

Vendor: microsoft • v10.0.26100.4270

windows_11_24h2

Vendor: microsoft • v10.0.26100.2033

windows_server_2025

Vendor: microsoft • v10.0.26100.2033

windows_11_24h2

Vendor: microsoft • v10.0.26100.6899

windows_11_24h2

Vendor: microsoft • v10.0.26100.2454

windows_server_2025

Vendor: microsoft • v10.0.26100.3775

windows_11_24h2

Vendor: microsoft • v10.0.26100.4652

windows_server_2025

Vendor: microsoft • v10.0.26100.3781

windows_11_25h2

Vendor: microsoft • v10.0.26200.7092

windows_11_24h2

Vendor: microsoft • v10.0.26100.6508

windows_server_2025

Vendor: microsoft • v10.0.26100.4946

windows_server_2025

Vendor: microsoft • v10.0.26100.4066

windows_11_24h2

Vendor: microsoft • v10.0.26100.1742

windows_11_24h2

Vendor: microsoft • v10.0.26100.3476

windows_11_24h2

Vendor: microsoft • v10.0.26100.2161

windows_server_2025

Vendor: microsoft • v10.0.26100.7092

windows_11_24h2

Vendor: microsoft • v10.0.26100.3775

windows_server_2025

Vendor: microsoft • v10.0.26100.4656

windows_11_24h2

Vendor: microsoft • v10.0.26100.2894

windows_server_2025

Vendor: microsoft • v10.0.26100.4851

windows_11_24h2

Vendor: microsoft • v10.0.26100.4349

windows_11_24h2

Vendor: microsoft • v10.0.26100.3194

windows_11_24h2

Vendor: microsoft • v10.0.26100.3107

windows_server_2025

Vendor: microsoft • v10.0.26100.3403

windows_server_2025

Vendor: microsoft • v10.0.26100.6584

windows_11_24h2

Vendor: microsoft • v10.0.26100.6584

windows_server_2025

Vendor: microsoft • v10.0.26100.3107

windows_server_2025

Vendor: microsoft • v10.0.26100.3476

windows_server_2025

Vendor: microsoft • v10.0.26100.7171

windows_11_24h2

Vendor: microsoft • v10.0.26100.7092

windows_server_2025

Vendor: microsoft • v10.0.26100.6905

windows_11_25h2

Vendor: microsoft • v10.0.26200.6899

windows_11_24h2

Vendor: microsoft • v10.0.26100.2605

windows_11_24h2

Vendor: microsoft • v10.0.26100.4946

windows_11_24h2

Vendor: microsoft • v10.0.26100.6563

windows_server_2025

Vendor: microsoft • v10.0.26100.2894

windows_server_2025

Vendor: microsoft • v10.0.26100.4349

Timeline

Time Line

PUBLICATION

13 Jan 2026

MODIFICATION

14 Jan 2026

Impact Statistics

Key Metrics

CVSS Score

7.0

HIGH

Products

Affected

Articles

Published

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2026-20815

Attack Parameters

Technical Impact

CWE-CWE-362

Affected Configurations

Time Line

Key Metrics

Recommended Solution

Related News Articles

Microsoft Windows Security Update Advisory: Multiple Vulnerabilities Identified

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification