| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-20854 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Windows 11, Windows Server | Critical | 29-01-2026 |

Technical Information
An authenticated attacker could exploit a use-after-free vulnerability to achieve remote code execution over the network. Exploitation involves manipulating directory attributes and carefully preparing the target environment to reliably trigger invalid memory access during authentication, which can potentially lead to a crash or other unintended behavior.
Patch release date: Jan 13, 2026
Further information on this vulnerability is available at: CVE-2026-20854
Affected Software
Windows Server 2025 (Server Core installation),
Windows 11 Version 25H2 for ARM64-based Systems,
Windows 11 Version 25H2 for x64-based Systems,
Windows 11 Version 24H2 for ARM64-based Systems,
Windows 11 Version 24H2 for x64-based Systems,
Windows Server 2025