Vulnerability-Lookup

JVNDB-2026-004359

Vulnerability from jvndb - Published: 2026-02-20 18:35 - Updated:2026-02-20 18:35

Summary

Security information for Hitachi Disk Array Systems

Details

CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability CVE-2026-20804 | Windows Hello Tampering Vulnerability CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability CVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability CVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-20812 | LDAP Tampering Vulnerability CVE-2026-20814 | DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2026-20816 | Windows Installer Elevation of Privilege Vulnerability CVE-2026-20817 | Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2026-20820 | Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2026-20821 | Remote Procedure Call Information Disclosure Vulnerability CVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-20823 | Windows File Explorer Information Disclosure Vulnerability CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability CVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability CVE-2026-20826 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability CVE-2026-20827 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability CVE-2026-20828 | Windows rndismp6.sys Information Disclosure Vulnerability CVE-2026-20829 | TPM Trustlet Information Disclosure Vulnerability CVE-2026-20831 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-20832 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability CVE-2026-20834 | Windows Spoofing Vulnerability CVE-2026-20836 | DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2026-20837 | Windows Media Remote Code Execution Vulnerability CVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability CVE-2026-20840 | Windows NTFS Remote Code Execution Vulnerability CVE-2026-20842 | Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability CVE-2026-20844 | Windows Clipboard Server Elevation of Privilege Vulnerability CVE-2026-20847 | Microsoft Windows File Explorer Spoofing Vulnerability CVE-2026-20848 | Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability CVE-2026-20852 | Windows Hello Tampering Vulnerability CVE-2026-20853 | Windows WalletService Elevation of Privilege Vulnerability CVE-2026-20856 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability CVE-2026-20857 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2026-20858 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20860 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-20861 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20862 | Windows Management Services Information Disclosure Vulnerability CVE-2026-20864 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2026-20865 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20866 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20867 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20868 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2026-20869 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability CVE-2026-20871 | Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability CVE-2026-20873 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20874 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVE-2026-20877 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20918 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20919 | Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-20921 | Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-20922 | Windows NTFS Remote Code Execution Vulnerability CVE-2026-20923 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20924 | Windows Management Services Elevation of Privilege Vulnerability CVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability CVE-2026-20926 | Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-20927 | Windows SMB Server Denial of Service Vulnerability CVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability CVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability CVE-2026-20932 | Windows File Explorer Information Disclosure Vulnerability CVE-2026-20934 | Windows SMB Server Elevation of Privilege Vulnerability CVE-2026-20936 | Windows NDIS Information Disclosure Vulnerability CVE-2026-20937 | Windows File Explorer Information Disclosure Vulnerability CVE-2026-20939 | Windows File Explorer Information Disclosure Vulnerability CVE-2026-20940 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

References

Type

URL

	CVE	https://www.cve.org/CVERecord?id=CVE-2023-31096
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-55414
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20804
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20805
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20809
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20810
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20812
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20814
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20816
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20817
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20820
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20821
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20822
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20823
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20824
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20825
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20826
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20827
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20828
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20829
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20831
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20832
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20834
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20836
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20837
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20839
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20840
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20842
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20843
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20844
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20847
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20848
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20849
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20852
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20853
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20856
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20857
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20858
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20860
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20861
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20862
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20864
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20865
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20866
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20867
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20868
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20869
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20871
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20872
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20873
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20874
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20875
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20877
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20918
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20919
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20921
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20922
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20923
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20924
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20925
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20926
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20927
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20929
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20931
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20932
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20934
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20936
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20937
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20939
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20940
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-20962
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-21265
	Related document	https://msrc.microsoft.com/update-guide/en-us

Impacted products

Vendor

Product

Hitachi, Ltd

Hitachi Virtual Storage Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-004359.html",
  "dc:date": "2026-02-20T18:35+09:00",
  "dcterms:issued": "2026-02-20T18:35+09:00",
  "dcterms:modified": "2026-02-20T18:35+09:00",
  "description": "CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability\r\nCVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability\r\nCVE-2026-20804 | Windows Hello Tampering Vulnerability\r\nCVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability\r\nCVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability\r\nCVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability\r\nCVE-2026-20812 | LDAP Tampering Vulnerability\r\nCVE-2026-20814 | DirectX Graphics Kernel Elevation of Privilege Vulnerability\r\nCVE-2026-20816 | Windows Installer Elevation of Privilege Vulnerability\r\nCVE-2026-20817 | Windows Error Reporting Service Elevation of Privilege Vulnerability\r\nCVE-2026-20820 | Windows Common Log File System Driver Elevation of Privilege Vulnerability\r\nCVE-2026-20821 | Remote Procedure Call Information Disclosure Vulnerability\r\nCVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability\r\nCVE-2026-20823 | Windows File Explorer Information Disclosure Vulnerability\r\nCVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability\r\nCVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability\r\nCVE-2026-20826 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability\r\nCVE-2026-20827 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability\r\nCVE-2026-20828 | Windows rndismp6.sys Information Disclosure Vulnerability\r\nCVE-2026-20829 | TPM Trustlet Information Disclosure Vulnerability\r\nCVE-2026-20831 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability\r\nCVE-2026-20832 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability\r\nCVE-2026-20834 | Windows Spoofing Vulnerability\r\nCVE-2026-20836 | DirectX Graphics Kernel Elevation of Privilege Vulnerability\r\nCVE-2026-20837 | Windows Media Remote Code Execution Vulnerability\r\nCVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability\r\nCVE-2026-20840 | Windows NTFS Remote Code Execution Vulnerability\r\nCVE-2026-20842 | Microsoft DWM Core Library Elevation of Privilege Vulnerability\r\nCVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability\r\nCVE-2026-20844 | Windows Clipboard Server Elevation of Privilege Vulnerability\r\nCVE-2026-20847 | Microsoft Windows File Explorer Spoofing Vulnerability\r\nCVE-2026-20848 | Windows SMB Server Elevation of Privilege Vulnerability\r\nCVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability\r\nCVE-2026-20852 | Windows Hello Tampering Vulnerability\r\nCVE-2026-20853 | Windows WalletService Elevation of Privilege Vulnerability\r\nCVE-2026-20856 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability\r\nCVE-2026-20857 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability\r\nCVE-2026-20858 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20860 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability\r\nCVE-2026-20861 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20862 | Windows Management Services Information Disclosure Vulnerability\r\nCVE-2026-20864 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability\r\nCVE-2026-20865 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20866 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20867 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20868 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability\r\nCVE-2026-20869 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability\r\nCVE-2026-20871 | Desktop Windows Manager Elevation of Privilege Vulnerability\r\nCVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability\r\nCVE-2026-20873 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20874 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability\r\nCVE-2026-20877 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20918 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20919 | Windows SMB Server Elevation of Privilege Vulnerability\r\nCVE-2026-20921 | Windows SMB Server Elevation of Privilege Vulnerability\r\nCVE-2026-20922 | Windows NTFS Remote Code Execution Vulnerability\r\nCVE-2026-20923 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20924 | Windows Management Services Elevation of Privilege Vulnerability\r\nCVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability\r\nCVE-2026-20926 | Windows SMB Server Elevation of Privilege Vulnerability\r\nCVE-2026-20927 | Windows SMB Server Denial of Service Vulnerability\r\nCVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability\r\nCVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability\r\nCVE-2026-20932 | Windows File Explorer Information Disclosure Vulnerability\r\nCVE-2026-20934 | Windows SMB Server Elevation of Privilege Vulnerability\r\nCVE-2026-20936 | Windows NDIS Information Disclosure Vulnerability\r\nCVE-2026-20937 | Windows File Explorer Information Disclosure Vulnerability\r\nCVE-2026-20939 | Windows File Explorer Information Disclosure Vulnerability\r\nCVE-2026-20940 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability\r\nCVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability\r\nCVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-004359.html",
  "sec:cpe": {
    "#text": "cpe:/h:hitachi:virtual_storage_platform",
    "@product": "Hitachi Virtual Storage Platform",
    "@vendor": "Hitachi, Ltd",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2026-004359",
  "sec:references": [
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-31096",
      "@id": "CVE-2023-31096",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-55414",
      "@id": "CVE-2024-55414",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20804",
      "@id": "CVE-2026-20804",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20805",
      "@id": "CVE-2026-20805",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20809",
      "@id": "CVE-2026-20809",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20810",
      "@id": "CVE-2026-20810",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20812",
      "@id": "CVE-2026-20812",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20814",
      "@id": "CVE-2026-20814",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20816",
      "@id": "CVE-2026-20816",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20817",
      "@id": "CVE-2026-20817",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20820",
      "@id": "CVE-2026-20820",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20821",
      "@id": "CVE-2026-20821",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20822",
      "@id": "CVE-2026-20822",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20823",
      "@id": "CVE-2026-20823",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20824",
      "@id": "CVE-2026-20824",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20825",
      "@id": "CVE-2026-20825",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20826",
      "@id": "CVE-2026-20826",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20827",
      "@id": "CVE-2026-20827",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20828",
      "@id": "CVE-2026-20828",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20829",
      "@id": "CVE-2026-20829",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20831",
      "@id": "CVE-2026-20831",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20832",
      "@id": "CVE-2026-20832",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20834",
      "@id": "CVE-2026-20834",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20836",
      "@id": "CVE-2026-20836",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20837",
      "@id": "CVE-2026-20837",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20839",
      "@id": "CVE-2026-20839",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20840",
      "@id": "CVE-2026-20840",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20842",
      "@id": "CVE-2026-20842",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20843",
      "@id": "CVE-2026-20843",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20844",
      "@id": "CVE-2026-20844",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20847",
      "@id": "CVE-2026-20847",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20848",
      "@id": "CVE-2026-20848",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20849",
      "@id": "CVE-2026-20849",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20852",
      "@id": "CVE-2026-20852",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20853",
      "@id": "CVE-2026-20853",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20856",
      "@id": "CVE-2026-20856",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20857",
      "@id": "CVE-2026-20857",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20858",
      "@id": "CVE-2026-20858",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20860",
      "@id": "CVE-2026-20860",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20861",
      "@id": "CVE-2026-20861",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20862",
      "@id": "CVE-2026-20862",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20864",
      "@id": "CVE-2026-20864",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20865",
      "@id": "CVE-2026-20865",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20866",
      "@id": "CVE-2026-20866",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20867",
      "@id": "CVE-2026-20867",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20868",
      "@id": "CVE-2026-20868",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20869",
      "@id": "CVE-2026-20869",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20871",
      "@id": "CVE-2026-20871",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20872",
      "@id": "CVE-2026-20872",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20873",
      "@id": "CVE-2026-20873",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20874",
      "@id": "CVE-2026-20874",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20875",
      "@id": "CVE-2026-20875",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20877",
      "@id": "CVE-2026-20877",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20918",
      "@id": "CVE-2026-20918",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20919",
      "@id": "CVE-2026-20919",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20921",
      "@id": "CVE-2026-20921",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20922",
      "@id": "CVE-2026-20922",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20923",
      "@id": "CVE-2026-20923",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20924",
      "@id": "CVE-2026-20924",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20925",
      "@id": "CVE-2026-20925",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20926",
      "@id": "CVE-2026-20926",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20927",
      "@id": "CVE-2026-20927",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20929",
      "@id": "CVE-2026-20929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20931",
      "@id": "CVE-2026-20931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20932",
      "@id": "CVE-2026-20932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20934",
      "@id": "CVE-2026-20934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20936",
      "@id": "CVE-2026-20936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20937",
      "@id": "CVE-2026-20937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20939",
      "@id": "CVE-2026-20939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20940",
      "@id": "CVE-2026-20940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20962",
      "@id": "CVE-2026-20962",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-21265",
      "@id": "CVE-2026-21265",
      "@source": "CVE"
    },
    {
      "#text": "https://msrc.microsoft.com/update-guide/en-us",
      "@id": "https://msrc.microsoft.com/update-guide/en-us",
      "@source": "Related document"
    }
  ],
  "title": "Security information for Hitachi Disk Array Systems"
}

CVE-2026-20962 (GCVE-0-2026-20962)

Vulnerability from cvelistv5 – Published: 2026-01-13 17:56 – Updated: 2026-04-01 13:48

Title

Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Summary

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

13 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19044.0 , < 10.0.19044.6809 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.6809 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.6491 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.6491 (custom)
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.7623 (custom)
Microsoft	Windows 11 Version 25H2	Affected: 10.0.26200.0 , < 10.0.26200.7623 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.4648 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.2092 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.32230 (custom)
Microsoft	Windows Server 2025 (Server Core installation)	Affected: 10.0.26100.0 , < 10.0.26100.32230 (custom)

Date Public

2026-01-13 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:41:32.139241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T19:29:05.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.6809",
              "status": "affected",
              "version": "10.0.19044.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.6809",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6491",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6491",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.7623",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26200.7623",
              "status": "affected",
              "version": "10.0.26200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.4648",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.2092",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32230",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32230",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.26200.7623",
                  "versionStartIncluding": "10.0.26200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.4648",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.6809",
                  "versionStartIncluding": "10.0.19044.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.6809",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32230",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.6491",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.6491",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.2092",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.7623",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32230",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908: Use of Uninitialized Resource",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:48:12.699Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20962"
        }
      ],
      "title": "Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-20962",
    "datePublished": "2026-01-13T17:56:03.244Z",
    "dateReserved": "2025-12-04T20:04:16.341Z",
    "dateUpdated": "2026-04-01T13:48:12.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21265 (GCVE-0-2026-21265)

Vulnerability from cvelistv5 – Published: 2026-01-13 17:56 – Updated: 2026-04-01 13:48

Title

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

Summary

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees. Certificate Authority (CA) Location Purpose Expiration Date Microsoft Corporation KEK CA 2011 KEK Signs updates to the DB and DBX 06/24/2026 Microsoft Corporation UEFI CA 2011 DB Signs 3rd party boot loaders, Option ROMs, etc. 06/27/2026 Microsoft Windows Production PCA 2011 DB Signs the Windows Boot Manager 10/19/2026 For more information see this CVE and Windows Secure Boot certificate expiration and CA updates.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-1329 - - Reliance on Component That is Not Updateable

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

20 products

Vendor	Product	Version
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.8783 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19044.0 , < 10.0.19044.6809 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.6809 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.6491 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.6491 (custom)
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.7623 (custom)
Microsoft	Windows 11 Version 25H2	Affected: 10.0.26200.0 , < 10.0.26200.7623 (custom)
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.25868 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.25868 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.22968 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.22968 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.8783 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.8783 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.8276 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.4648 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.2092 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.32230 (custom)
Microsoft	Windows Server 2025 (Server Core installation)	Affected: 10.0.26100.0 , < 10.0.26100.32230 (custom)

Date Public

2026-01-13 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:08.255762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:41.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8783",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.6809",
              "status": "affected",
              "version": "10.0.19044.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.6809",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6491",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6491",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.7623",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26200.7623",
              "status": "affected",
              "version": "10.0.26200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.25868",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.25868",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.22968",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.22968",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8783",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8783",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8276",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.4648",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.2092",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32230",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32230",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8276",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.4648",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.6809",
                  "versionStartIncluding": "10.0.19044.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.6809",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32230",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26200.7623",
                  "versionStartIncluding": "10.0.26200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.6491",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.6491",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.2092",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.7623",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32230",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.8783",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8783",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8783",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.25868",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.25868",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.22968",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.22968",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot.\nThe operating system\u2019s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.\n\n\n\nCertificate Authority (CA)\nLocation\nPurpose\nExpiration Date\n\n\n\n\nMicrosoft Corporation KEK CA 2011\nKEK\nSigns updates to the DB and DBX\n06/24/2026\n\n\nMicrosoft Corporation UEFI CA 2011\nDB\nSigns 3rd party boot loaders, Option ROMs, etc.\n06/27/2026\n\n\nMicrosoft Windows Production PCA 2011\nDB\nSigns the Windows Boot Manager\n10/19/2026\n\n\n\nFor more information see this CVE and Windows Secure Boot certificate expiration and CA updates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1329",
              "description": "CWE-1329 - Reliance on Component That is Not Updateable",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:48:13.618Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Secure Boot Certificate Expiration Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265"
        }
      ],
      "title": "Secure Boot Certificate Expiration Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21265",
    "datePublished": "2026-01-13T17:56:04.224Z",
    "dateReserved": "2025-12-11T21:02:05.738Z",
    "dateUpdated": "2026-04-01T13:48:13.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

JVNDB-2026-004359

CVE-2026-20962 (GCVE-0-2026-20962)

CVE-2026-21265 (GCVE-0-2026-21265)

Tags

Sightings

Nomenclature