| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-20876 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Windows 11, Windows Server | Critical | 29-01-2026 |
Technical Information
An authenticated attacker could exploit a heap-based buffer overflow in the Windows Virtualization-Based Security (VBS) Enclave to elevate privileges to Virtual Trust Level 2 (VTL2).
Patch release date: Jan 13, 2026
Further information on this vulnerability is available at : CVE-2026-20876
Affected Software
Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,
Windows 11 Version 25H2 for x64-based Systems,
Windows 11 Version 23H2 for ARM64-based Systems,
Windows 11 Version 23H2 for x64-based Systems,
Windows Server 2022, 23H2 Edition (Server Core installation),
Windows 11 Version 24H2 for ARM64-based Systems,
Windows 11 Version 24H2 for x64-based Systems,
Windows Server 2025