This vulnerability (CVE-2026-20838) involves the generation of error messages by the Windows Kernel in Windows 11 version 22H3 (build 10.0.22631.0) that contain sensitive information. An authorized attacker with local access and low privileges can exploit this to disclose sensitive information. The vulnerability is classified under CWE-209 (Generation of Error Message Containing Sensitive Information). The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low complexity, and no user interaction required. The vulnerability does not impact integrity or availability, only confidentiality. No known exploits are reported in the wild. A patch is available from Microsoft to remediate this issue.

An authorized local attacker can obtain sensitive information from error messages generated by the Windows Kernel, potentially aiding further attacks or information gathering. The impact is limited to confidentiality disclosure without affecting system integrity or availability. No known active exploitation has been reported.

A patch is available to address this vulnerability. It is recommended to apply the official Microsoft update for Windows 11 version 22H3 (build 10.0.22631.0) to remediate this issue. Since this is a local information disclosure vulnerability, applying the patch will prevent unauthorized sensitive information leakage via error messages.