CVE-2026-20868 Microsoft — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.8 (HIGH)
Affected Versions	before 10.0.26200.7623
Fixed In	10.0.14393.8783
Type	CWE-122 (Heap-based Buffer Overflow)
Vendor	Microsoft
Public PoC	No

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-122 Heap-based Buffer Overflow

Vulnerable Products 19

Configuration	From (including)	Up to (excluding)
Microsoft Windows_10_1607 cpe:2.3:o:microsoft:windows_10_1607:::::::x64:*	—	`10.0.14393.8783`
Microsoft Windows_10_1607 cpe:2.3:o:microsoft:windows_10_1607:::::::x86:*	—	`10.0.14393.8783`
Microsoft Windows_10_1809 cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*	—	`10.0.17763.8276`
Microsoft Windows_10_1809 cpe:2.3:o:microsoft:windows_10_1809:::::::x86:*	—	`10.0.17763.8276`
Microsoft Windows_10_21h2 cpe:2.3:o:microsoft:windows_10_21h2::::::::	—	`10.0.19044.6809`
Microsoft Windows_10_22h2 cpe:2.3:o:microsoft:windows_10_22h2::::::::	—	`10.0.19045.6809`
Microsoft Windows_11_23h2 cpe:2.3:o:microsoft:windows_11_23h2::::::::	—	`10.0.22631.6491`
Microsoft Windows_11_24h2 cpe:2.3:o:microsoft:windows_11_24h2::::::::	—	`10.0.26100.7623`
Microsoft Windows_11_25h2 cpe:2.3:o:microsoft:windows_11_25h2::::::::	—	`10.0.26200.7623`
Microsoft Windows_Server_2008 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*	—	—
Microsoft Windows_Server_2008 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*	—	—
Microsoft Windows_Server_2008 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*	—	—
Microsoft Windows_Server_2012 cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	—	—
Microsoft Windows_Server_2012 cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*	—	—
Microsoft Windows_Server_2016 cpe:2.3:o:microsoft:windows_server_2016::::::::	—	`10.0.14393.8783`
Microsoft Windows_Server_2019 cpe:2.3:o:microsoft:windows_server_2019::::::::	—	`10.0.17763.8276`
Microsoft Windows_Server_2022 cpe:2.3:o:microsoft:windows_server_2022::::::::	—	`10.0.20348.4648`
Microsoft Windows_Server_2022_23h2 cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::	—	`10.0.25398.2092`
Microsoft Windows_Server_2025 cpe:2.3:o:microsoft:windows_server_2025::::::::	—	`10.0.26100.32230`

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20868

secure@microsoft.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4680

Google

8.8

CVE-2026-4679

Google

8.8

CVE-2026-4678

Google

8.8

CVE-2026-4677

Google

8.8

CVE-2026-4676

Google

8.8

Menu

CVE-2026-20868

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 19

References 1

Related Vulnerabilities

CVE-2026-4680

CVE-2026-4679

CVE-2026-4678

CVE-2026-4677

CVE-2026-4676

CVE Details

Editor's Choice

Menu

CVE-2026-20868

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 19

References 1

Related Vulnerabilities

CVE-2026-4680

CVE-2026-4679

CVE-2026-4678

CVE-2026-4677

CVE-2026-4676

CVE Details

Editor's Choice

Stay informed on cybersecurity