NCSC-2026-0007

Vulnerability from csaf_ncscnl - Published: 2026-01-13 19:16 - Updated: 2026-01-13 19:16
Summary
Kwetsbaarheden verholpen in Microsoft Windows

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Windows
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categoriën schade: - Denial-of-Service (DoS) - Manipulatie van gegevens - Toegang tot gevoelige gegevens - Uitvoeren van willekeurige code (gebruikersrechten) - Uitvoeren van willekeurige code (root/admin) - Verkrijgen van verhoogde rechten - Omzeilen van een beveiligingsmaatregel - Spoofing Van de kwetsbaarheid met kenmerk CVE-2026-21265 meldt Microsoft informatie te hebben dat deze publiekelijk besproken wordt op fora. Een kwaadwillende kan de kwetsbaarheid misbruiken om Secure Boot te omzeilen. Misbruik is echter niet eenvoudig, vereist voorafgaande verhoogde rechten en een diepgaande kennis van het te compromitteren systeem. Grootschalig misbruik is hiermee zeer onwaarschijnlijk. Van de kwetsbaarheid met kenmerk CVE-2026-20805 meldt Microsoft dat deze als zeroday-kwetsbaarheid is misbruikt. Misbruik vereist lokale toegang en voorafgaande gebruikersauthenticatie. Verdere informatie is niet bekend gesteld. Grootschalig misbruik is niet waarschijnlijk. De kwetsbaarheid met kenmerk CVE-2023-31096 is een oudere kwetsbaarheid in Broadcom modem drivers, zoals gebruikt in de (verouderde) Agere modems. Hiervan is al langer Proof-of-Concept-code bekend, maar grootschalig misbruik heeft voor zover bekend nog niet plaatsgevonden. Microsoft heeft in deze update de drivers verwijderd. ``` Windows Remote Assistance: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20824 | 5.50 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Capability Access Management Service (camsvc): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20815 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2026-20835 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20851 | 6.20 | Toegang tot gevoelige gegevens | | CVE-2026-20830 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2026-21221 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Media: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20837 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Local Session Manager (LSM): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20869 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows NDIS: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20936 | 4.30 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Management Services: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20858 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20865 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20877 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20918 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20923 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20924 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20861 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20862 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20866 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20867 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20873 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20874 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Client-Side Caching (CSC) Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20839 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Host Process for Windows Tasks: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20941 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Graphics Kernel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20814 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2026-20836 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows NTLM: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20925 | 6.50 | Voordoen als andere gebruiker | | CVE-2026-20872 | 6.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows Ancillary Function Driver for WinSock: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20810 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20831 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2026-20860 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Printer Association Object: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20808 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Local Security Authority Subsystem Service (LSASS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20875 | 7.50 | Denial-of-Service | | CVE-2026-20854 | 7.50 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Kernel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20818 | 6.20 | Toegang tot gevoelige gegevens | | CVE-2026-20838 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Secure Boot: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21265 | 6.40 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Error Reporting: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20817 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Kernel-Mode Drivers: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20859 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Remote Procedure Call: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20821 | 6.20 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Dynamic Root of Trust for Measurement (DRTM): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20962 | 4.40 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Telephony Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20931 | 8.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Installer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20816 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Graphics Component: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20822 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Hello: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20804 | 7.70 | <Vertaal: Tampering> | | CVE-2026-20852 | 7.70 | <Vertaal: Tampering> | |----------------|------|-------------------------------------| Windows WalletService: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20853 | 7.40 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Desktop Window Manager: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20805 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20871 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Connected Devices Platform Service (Cdpsvc): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20864 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Internet Connection Sharing (ICS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20828 | 4.60 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Kerberos: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20833 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20849 | 7.50 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Motorola Soft Modem Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2024-55414 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Routing and Remote Access Service (RRAS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20843 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20868 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows NTFS: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20840 | 7.80 | Uitvoeren van willekeurige code | | CVE-2026-20922 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows DWM: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20842 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Hyper-V: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20825 | 4.40 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Kernel Memory: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20809 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Server Update Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20856 | 8.10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows File Explorer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20823 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20932 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20937 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20939 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows TPM: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20829 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Clipboard Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20844 | 7.40 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Remote Procedure Call Interface Definition Language (IDL): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20832 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Common Log File System Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20820 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Cloud Files Mini Filter Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20857 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20940 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Win32K - ICOMP: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20811 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20920 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20863 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2026-20870 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Virtualization-Based Security (VBS) Enclave: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20819 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-20876 | 6.70 | Verkrijgen van verhoogde rechten | | CVE-2026-20938 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20935 | 6.20 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Agere Windows Modem Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2023-31096 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows LDAP - Lightweight Directory Access Protocol: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20812 | 6.50 | <Vertaal: Tampering> | |----------------|------|-------------------------------------| Windows HTTP.sys: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20929 | 7.50 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Deployment Services: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-0386 | 7.50 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Tablet Windows User Interface (TWINUI) Subsystem: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20826 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-20827 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows SMB Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20919 | 7.50 | Verkrijgen van verhoogde rechten | | CVE-2026-20921 | 7.50 | Verkrijgen van verhoogde rechten | | CVE-2026-20926 | 7.50 | Verkrijgen van verhoogde rechten | | CVE-2026-20927 | 5.30 | Denial-of-Service | | CVE-2026-20934 | 7.50 | Verkrijgen van verhoogde rechten | | CVE-2026-20848 | 7.50 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Shell: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20834 | 4.60 | Voordoen als andere gebruiker | | CVE-2026-20847 | 6.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| ```
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-36
Absolute Path Traversal
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-73
External Control of File Name or Path
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-266
Incorrect Privilege Assignment
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-284
Improper Access Control
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-415
Double Free
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-532
Insertion of Sensitive Information into Log File
CWE-590
Free of Memory not on the Heap
CWE-693
Protection Mechanism Failure
CWE-807
Reliance on Untrusted Inputs in a Security Decision
CWE-822
Untrusted Pointer Dereference
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-908
Use of Uninitialized Resource
CWE-1329
Reliance on Component That is Not Updateable
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Windows",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categori\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Toegang tot gevoelige gegevens\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Uitvoeren van willekeurige code (root/admin)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Spoofing\n\nVan de kwetsbaarheid met kenmerk CVE-2026-21265 meldt Microsoft informatie te hebben dat deze publiekelijk besproken wordt op fora. Een kwaadwillende kan de kwetsbaarheid misbruiken om Secure Boot te omzeilen. Misbruik is echter niet eenvoudig, vereist voorafgaande verhoogde rechten en een diepgaande kennis van het te compromitteren systeem. Grootschalig misbruik is hiermee zeer onwaarschijnlijk.\n\nVan de kwetsbaarheid met kenmerk CVE-2026-20805 meldt Microsoft dat deze als zeroday-kwetsbaarheid is misbruikt. Misbruik vereist lokale toegang en voorafgaande gebruikersauthenticatie. Verdere informatie is niet bekend gesteld. Grootschalig misbruik is niet waarschijnlijk.\n\nDe kwetsbaarheid met kenmerk CVE-2023-31096 is een oudere kwetsbaarheid in Broadcom modem drivers, zoals gebruikt in de (verouderde) Agere modems. Hiervan is al langer Proof-of-Concept-code bekend, maar grootschalig misbruik heeft voor zover bekend nog niet plaatsgevonden. Microsoft heeft in deze update de drivers verwijderd.\n\n```\nWindows Remote Assistance: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20824 | 5.50 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nCapability Access Management Service (camsvc): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20815 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20835 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20851 | 6.20 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20830 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-21221 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20837 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Local Session Manager (LSM): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20869 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows NDIS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20936 | 4.30 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Management Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20858 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20865 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20877 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20918 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20923 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20924 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20861 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20862 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20866 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20867 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20873 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20874 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Client-Side Caching (CSC) Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20839 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nHost Process for Windows Tasks: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20941 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nGraphics Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20814 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20836 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows NTLM: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20925 | 6.50 | Voordoen als andere gebruiker       | \n| CVE-2026-20872 | 6.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20810 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20831 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20860 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nPrinter Association Object: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20808 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Local Security Authority Subsystem Service (LSASS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20875 | 7.50 | Denial-of-Service                   | \n| CVE-2026-20854 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20818 | 6.20 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20838 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21265 | 6.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Error Reporting: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20817 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20859 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Procedure Call: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20821 | 6.20 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nDynamic Root of Trust for Measurement (DRTM): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20962 | 4.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20931 | 8.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Installer: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20816 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20822 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hello: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20804 | 7.70 | \u003cVertaal: Tampering\u003e                | \n| CVE-2026-20852 | 7.70 | \u003cVertaal: Tampering\u003e                | \n|----------------|------|-------------------------------------|\n\nWindows WalletService: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20853 | 7.40 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nDesktop Window Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20805 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20871 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nConnected Devices Platform Service (Cdpsvc): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20864 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Internet Connection Sharing (ICS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20828 | 4.60 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20833 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20849 | 7.50 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Motorola Soft Modem Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2024-55414 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20843 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20868 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20840 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-20922 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows DWM: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20842 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20825 | 4.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Kernel Memory: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20809 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Server Update Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20856 | 8.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows File Explorer: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20823 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20932 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20937 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20939 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows TPM: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20829 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20844 | 7.40 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Procedure Call Interface Definition Language (IDL): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20832 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20820 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20857 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20940 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20811 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20920 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20863 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20870 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Virtualization-Based Security (VBS) Enclave: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20819 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-20876 | 6.70 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20938 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20935 | 6.20 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nAgere Windows Modem Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2023-31096 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20812 | 6.50 | \u003cVertaal: Tampering\u003e                | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20929 | 7.50 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-0386  | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nTablet Windows User Interface (TWINUI) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20826 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20827 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows SMB Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20919 | 7.50 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20921 | 7.50 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20926 | 7.50 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20927 | 5.30 | Denial-of-Service                   | \n| CVE-2026-20934 | 7.50 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-20848 | 7.50 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20834 | 4.60 | Voordoen als andere gebruiker       | \n| CVE-2026-20847 | 6.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Absolute Path Traversal",
        "title": "CWE-36"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "External Control of File Name or Path",
        "title": "CWE-73"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Generation of Error Message Containing Sensitive Information",
        "title": "CWE-209"
      },
      {
        "category": "general",
        "text": "Incorrect Privilege Assignment",
        "title": "CWE-266"
      },
      {
        "category": "general",
        "text": "Improper Handling of Insufficient Permissions or Privileges ",
        "title": "CWE-280"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Exposure of Private Personal Information to an Unauthorized Actor",
        "title": "CWE-359"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
        "title": "CWE-367"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Free of Memory not on the Heap",
        "title": "CWE-590"
      },
      {
        "category": "general",
        "text": "Protection Mechanism Failure",
        "title": "CWE-693"
      },
      {
        "category": "general",
        "text": "Reliance on Untrusted Inputs in a Security Decision",
        "title": "CWE-807"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Use of Uninitialized Resource",
        "title": "CWE-908"
      },
      {
        "category": "general",
        "text": "Reliance on Component That is Not Updateable",
        "title": "CWE-1329"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Windows",
    "tracking": {
      "current_release_date": "2026-01-13T19:16:30.720079Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0007",
      "initial_release_date": "2026-01-13T19:16:30.720079Z",
      "revision_history": [
        {
          "date": "2026-01-13T19:16:30.720079Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 1607"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 1809"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 21h2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 22h2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 23H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 version 22H3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 Service Pack 1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for 32-bit Systems Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-37"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-38"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for x64-based Systems Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-39"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-40"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-41"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-42"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-43"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-44"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-45"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-46"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-47"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-48"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-49"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-50"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-51"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-52"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-53"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows_11_25H2"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20818",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "The insertion of sensitive information into the Windows Kernel log file poses a risk of unauthorized local information disclosure by attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20818 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20818.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20818"
    },
    {
      "cve": "CVE-2026-20833",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        },
        {
          "category": "description",
          "text": "A compromised cryptographic algorithm in Windows Kerberos allows authorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20833 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20833.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20833"
    },
    {
      "cve": "CVE-2026-20920",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Windows Win32K - ICOMP allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20920 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20920.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20920"
    },
    {
      "cve": "CVE-2026-20830",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "The Capability Access Management Service (camsvc) has a vulnerability that allows an authorized attacker to locally elevate privileges due to improper synchronization in concurrent execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20830 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20830.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20830"
    },
    {
      "cve": "CVE-2026-20962",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Uninitialized Resource",
          "title": "CWE-908"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in the Dynamic Root of Trust for Measurement (DRTM) that allows an authorized attacker to disclose information locally due to uninitialized resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20962 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20962.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20962"
    },
    {
      "cve": "CVE-2026-21265",
      "cwe": {
        "id": "CWE-1329",
        "name": "Reliance on Component That is Not Updateable"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reliance on Component That is Not Updateable",
          "title": "CWE-1329"
        },
        {
          "category": "description",
          "text": "Windows Secure Boot\u0027s reliance on expiring Microsoft certificates stored in UEFI KEK and DB necessitates updates, while potential firmware defects in the certificate update mechanism could disrupt the Secure Boot trust chain.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21265 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21265.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-21265"
    },
    {
      "cve": "CVE-2026-20804",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Privilege Assignment",
          "title": "CWE-266"
        },
        {
          "category": "description",
          "text": "An incorrect privilege assignment in Windows Hello allows unauthorized attackers to locally manipulate the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20804 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20804.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20804"
    },
    {
      "cve": "CVE-2026-20805",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Desktop Windows Manager allows an authorized attacker to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20805 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20805.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20805"
    },
    {
      "cve": "CVE-2026-20808",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in the Printer Association Object due to improper synchronization allows an authorized attacker to locally elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20808 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20808.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20808"
    },
    {
      "cve": "CVE-2026-20809",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        },
        {
          "category": "description",
          "text": "A time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows authorized attackers to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20809 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20809.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20809"
    },
    {
      "cve": "CVE-2026-20811",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        },
        {
          "category": "description",
          "text": "The document details a type confusion vulnerability in Windows Win32K that allows authorized attackers to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20811 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20811.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20811"
    },
    {
      "cve": "CVE-2026-20812",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Improper input validation in Windows LDAP enables authorized attackers to manipulate data transmitted over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20812 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20812.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20812"
    },
    {
      "cve": "CVE-2026-20814",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Graphics Kernel during concurrent execution can allow an authorized attacker to exploit a race condition to elevate their privileges locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20814 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20814.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20814"
    },
    {
      "cve": "CVE-2026-20815",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "The Capability Access Management Service (camsvc) has a vulnerability that allows an authorized attacker to locally elevate privileges due to improper synchronization in concurrent execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20815 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20815.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20815"
    },
    {
      "cve": "CVE-2026-20816",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        },
        {
          "category": "description",
          "text": "A time-of-check time-of-use (toctou) race condition in Windows Installer allows authorized attackers to locally elevate their privileges, leading to potential local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20816 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20816"
    },
    {
      "cve": "CVE-2026-20817",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Insufficient Permissions or Privileges ",
          "title": "CWE-280"
        },
        {
          "category": "description",
          "text": "Improper handling of insufficient permissions in Windows Error Reporting allows authorized attackers to locally elevate their privileges, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20817"
    },
    {
      "cve": "CVE-2026-20819",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to locally disclose sensitive information through an untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20819 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20819.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20819"
    },
    {
      "cve": "CVE-2026-20820",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in the Windows Common Log File System Driver allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20820 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20820"
    },
    {
      "cve": "CVE-2026-20821",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Remote Procedure Call allows unauthorized attackers to potentially disclose sensitive information locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20821 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20821.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20821"
    },
    {
      "cve": "CVE-2026-20822",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in the Microsoft Graphics Component allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20822 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20822.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20822"
    },
    {
      "cve": "CVE-2026-20823",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows File Explorer allows authorized attackers to expose sensitive information to unauthorized users locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20823 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20823.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20823"
    },
    {
      "cve": "CVE-2026-20824",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "other",
          "text": "Protection Mechanism Failure",
          "title": "CWE-693"
        },
        {
          "category": "description",
          "text": "A failure in the protection mechanism of Windows Remote Assistance allows unauthorized local attackers to bypass a critical security feature.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20824 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20824.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20824"
    },
    {
      "cve": "CVE-2026-20825",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Hyper-V allows an authorized attacker to locally disclose sensitive information due to improper access control mechanisms.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20825 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20825.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20825"
    },
    {
      "cve": "CVE-2026-20826",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in the Tablet Windows User Interface (TWINUI) Subsystem allows authorized attackers to locally elevate privileges due to improper synchronization during concurrent execution with shared resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20826 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20826.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20826"
    },
    {
      "cve": "CVE-2026-20827",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The TWINUI Subsystem in Tablet Windows has a vulnerability that allows an authorized attacker to disclose sensitive information to unauthorized individuals locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20827 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20827.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20827"
    },
    {
      "cve": "CVE-2026-20828",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Internet Connection Sharing (ICS) allows unauthorized attackers to disclose information through physical access, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20828 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20828.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20828"
    },
    {
      "cve": "CVE-2026-20829",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Windows TPM allows an authorized attacker to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20829 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20829.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20829"
    },
    {
      "cve": "CVE-2026-20831",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        },
        {
          "category": "description",
          "text": "A TOCTOU race condition in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20831 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20831.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20831"
    },
    {
      "cve": "CVE-2026-20832",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in the Windows Remote Procedure Call Interface Definition Language (IDL) that may enable privilege escalation for attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20832 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20832.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20832"
    },
    {
      "cve": "CVE-2026-20834",
      "cwe": {
        "id": "CWE-359",
        "name": "Exposure of Private Personal Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Private Personal Information to an Unauthorized Actor",
          "title": "CWE-359"
        },
        {
          "category": "other",
          "text": "Absolute Path Traversal",
          "title": "CWE-36"
        },
        {
          "category": "description",
          "text": "An absolute path traversal vulnerability in Windows Shell allows unauthorized attackers to execute spoofing through physical attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20834 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20834.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20834"
    },
    {
      "cve": "CVE-2026-20835",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in the Capability Access Management Service (camsvc) allows an authorized attacker to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20835 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20835.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20835"
    },
    {
      "cve": "CVE-2026-20836",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Graphics Kernel during concurrent execution can allow an authorized attacker to exploit a race condition to elevate their privileges locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20836 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20836.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20836"
    },
    {
      "cve": "CVE-2026-20837",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows Media allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20837 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20837.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20837"
    },
    {
      "cve": "CVE-2026-20838",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Generation of Error Message Containing Sensitive Information",
          "title": "CWE-209"
        },
        {
          "category": "description",
          "text": "The Windows Kernel can produce error messages that may inadvertently reveal sensitive information, potentially enabling authorized attackers to access this data locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20838 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20838.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20838"
    },
    {
      "cve": "CVE-2026-20839",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "The Windows Client-Side Caching (CSC) Service has an improper access control vulnerability that allows authorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20839 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20839.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20839"
    },
    {
      "cve": "CVE-2026-20840",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20840 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20840.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20840"
    },
    {
      "cve": "CVE-2026-20842",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows DWM allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20842 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20842.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20842"
    },
    {
      "cve": "CVE-2026-20844",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Clipboard Server enables unauthorized attackers to locally elevate their privileges due to a use-after-free error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20844 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20844.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20844"
    },
    {
      "cve": "CVE-2023-31096",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "description",
          "text": "Microsoft will remove vulnerable Agere Soft Modem drivers in January 2026, while a Broadcom LSI PCI-SV92EX Soft Modem driver has a local privilege escalation vulnerability that could enable ransomware attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-31096 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-31096.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2023-31096"
    },
    {
      "cve": "CVE-2026-20847",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The document indicates that sensitive information exposure in Windows Shell can allow an authorized attacker to perform network spoofing.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20847 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20847.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20847"
    },
    {
      "cve": "CVE-2026-20851",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in the Capability Access Management Service (camsvc) allows unauthorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20851 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20851.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20851"
    },
    {
      "cve": "CVE-2026-20852",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Privilege Assignment",
          "title": "CWE-266"
        },
        {
          "category": "description",
          "text": "A privilege assignment flaw in Windows Hello allows unauthorized attackers to locally manipulate the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20852 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20852.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20852"
    },
    {
      "cve": "CVE-2026-20856",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Server Update Service allows unauthorized attackers to execute code remotely due to improper input validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20856 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20856.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20856"
    },
    {
      "cve": "CVE-2026-20857",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized attacker to locally elevate their privileges through untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20857 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20857.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20857"
    },
    {
      "cve": "CVE-2026-20858",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Management Services allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20858 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20858.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20858"
    },
    {
      "cve": "CVE-2026-20859",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Kernel-Mode Drivers allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20859 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20859.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20859"
    },
    {
      "cve": "CVE-2026-20860",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        },
        {
          "category": "description",
          "text": "A type confusion vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20860 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20860.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20860"
    },
    {
      "cve": "CVE-2026-20864",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in the Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20864.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20864"
    },
    {
      "cve": "CVE-2026-20865",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Management Services allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20865 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20865.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20865"
    },
    {
      "cve": "CVE-2026-20869",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in the Windows Local Session Manager (LSM) allows authorized attackers to locally elevate privileges, leading to potential local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20869 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20869.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20869"
    },
    {
      "cve": "CVE-2026-20875",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "A null pointer dereference vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) allows unauthorized attackers to induce a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20875 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20875.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20875"
    },
    {
      "cve": "CVE-2026-20876",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20876 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20876.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20876"
    },
    {
      "cve": "CVE-2026-20877",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Management Services allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20877 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20877.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20877"
    },
    {
      "cve": "CVE-2026-20918",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20918 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20918.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20918"
    },
    {
      "cve": "CVE-2026-20919",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Windows SMB Server allows authorized attackers to elevate their privileges over a network through concurrent execution vulnerabilities.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20919 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20919.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20919"
    },
    {
      "cve": "CVE-2026-20921",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Windows SMB Server allows authorized attackers to elevate their privileges over a network through concurrent execution vulnerabilities.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20921 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20921.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20921"
    },
    {
      "cve": "CVE-2026-20922",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20922 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20922.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20922"
    },
    {
      "cve": "CVE-2026-20923",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Management Services allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20923 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20923.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20923"
    },
    {
      "cve": "CVE-2026-20924",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Windows Management Services allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20924"
    },
    {
      "cve": "CVE-2026-20925",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "External control of file names or paths in Windows NTLM can allow unauthorized attackers to execute spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20925 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20925.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20925"
    },
    {
      "cve": "CVE-2026-20926",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Windows SMB Server allows authorized attackers to elevate their privileges over a network through concurrent execution vulnerabilities.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20926 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20926.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20926"
    },
    {
      "cve": "CVE-2026-20927",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in concurrent execution within Windows SMB Server can allow an authorized attacker to trigger a denial of service over the network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20927 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20927.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20927"
    },
    {
      "cve": "CVE-2026-20932",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows File Explorer allows authorized attackers to expose sensitive information to unauthorized users locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20932 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20932.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20932"
    },
    {
      "cve": "CVE-2026-20934",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Windows SMB Server allows authorized attackers to elevate their privileges over a network through concurrent execution vulnerabilities.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20934 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20934.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20934"
    },
    {
      "cve": "CVE-2026-20938",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to locally elevate their privileges through an untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20938 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20938.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20938"
    },
    {
      "cve": "CVE-2026-21221",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "The Capability Access Management Service (camsvc) has a vulnerability that allows an authorized attacker to locally elevate privileges due to improper synchronization in concurrent execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21221 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21221.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-21221"
    },
    {
      "cve": "CVE-2026-20843",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to locally elevate their privileges due to improper access control.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20843 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20843.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20843"
    },
    {
      "cve": "CVE-2026-20848",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "Improper synchronization in the Windows SMB Server allows authorized attackers to elevate their privileges over a network through concurrent execution vulnerabilities.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20848 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20848.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20848"
    },
    {
      "cve": "CVE-2026-20849",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reliance on Untrusted Inputs in a Security Decision",
          "title": "CWE-807"
        },
        {
          "category": "description",
          "text": "The document highlights a security vulnerability in Windows Kerberos that allows an authorized attacker to elevate privileges over a network due to untrusted inputs in security decisions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20849 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20849.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20849"
    },
    {
      "cve": "CVE-2026-20853",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Windows WalletService allows unauthorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20853 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20853"
    },
    {
      "cve": "CVE-2026-20854",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in the Windows LSASS that allows an authorized attacker to remotely execute code due to a \u0027use after free\u0027 flaw.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20854 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20854.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20854"
    },
    {
      "cve": "CVE-2026-20861",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20861 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20861.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20861"
    },
    {
      "cve": "CVE-2026-20862",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Management Services allows authorized attackers to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20862 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20862.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20862"
    },
    {
      "cve": "CVE-2026-20863",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "A double free vulnerability in Windows Win32K - ICOMP allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20863 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20863.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20863"
    },
    {
      "cve": "CVE-2026-20866",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20866 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20866.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20866"
    },
    {
      "cve": "CVE-2026-20867",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20867 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20867.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20867"
    },
    {
      "cve": "CVE-2026-20868",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthorized attackers to execute code remotely.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20868 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20868.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20868"
    },
    {
      "cve": "CVE-2026-20870",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Windows Win32K\u0027s ICOMP component allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20870 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20870.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20870"
    },
    {
      "cve": "CVE-2026-20871",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Desktop Windows Manager allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20871 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20871.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20871"
    },
    {
      "cve": "CVE-2026-20872",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "External control of file names or paths in Windows NTLM can allow unauthorized attackers to execute spoofing attacks over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20872 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20872.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20872"
    },
    {
      "cve": "CVE-2026-20873",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20873 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20873.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20873"
    },
    {
      "cve": "CVE-2026-20874",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Management Services allows authorized attackers to locally elevate their privileges due to improper synchronization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20874 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20874.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20874"
    },
    {
      "cve": "CVE-2024-55414",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Microsoft has removed the smserl64.sys and smserial.sys drivers due to vulnerabilities, particularly affecting the Motorola SM56 Modem, which allows for privilege escalation and code execution by low-privileged users.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-55414 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-55414.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2024-55414"
    },
    {
      "cve": "CVE-2026-20931",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "An external control vulnerability in the Windows Telephony Service allows an authorized attacker to gain elevated privileges on an adjacent network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20931 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20931.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20931"
    },
    {
      "cve": "CVE-2026-20935",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Virtualization-Based Security (VBS) Enclave allows unauthorized attackers to locally disclose sensitive information through untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20935 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20935.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20935"
    },
    {
      "cve": "CVE-2026-20936",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Windows NDIS allows an authorized attacker to disclose information via a physical attack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20936 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20936.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20936"
    },
    {
      "cve": "CVE-2026-20937",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in Windows File Explorer that allows authorized attackers to disclose sensitive information to unauthorized users locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20937 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20937.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20937"
    },
    {
      "cve": "CVE-2026-20939",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows File Explorer allows authorized attackers to expose sensitive information to unauthorized users locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20939 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20939.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20939"
    },
    {
      "cve": "CVE-2026-20941",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "The document outlines a vulnerability in the Host Process for Windows Tasks that enables an authorized attacker to elevate privileges locally due to improper link resolution prior to file access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20941 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20941.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20941"
    },
    {
      "cve": "CVE-2026-20810",
      "cwe": {
        "id": "CWE-590",
        "name": "Free of Memory not on the Heap"
      },
      "notes": [
        {
          "category": "other",
          "text": "Free of Memory not on the Heap",
          "title": "CWE-590"
        },
        {
          "category": "description",
          "text": "The Windows Ancillary Function Driver for WinSock contains a vulnerability that enables an authorized attacker to locally elevate privileges due to improper memory management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20810 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20810.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20810"
    },
    {
      "cve": "CVE-2026-20940",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20940 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20940.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20940"
    },
    {
      "cve": "CVE-2026-20929",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows HTTP.sys allows an authorized attacker to exploit improper access control and gain elevated privileges over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20929 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20929.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-20929"
    },
    {
      "cve": "CVE-2026-0386",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Improper access control in Windows Deployment Services allows unauthorized attackers to execute code on adjacent networks, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0386 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0386.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53"
          ]
        }
      ],
      "title": "CVE-2026-0386"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.