CVE-2026-20851 is a security vulnerability classified under CWE-125 (Out-of-bounds Read) affecting Microsoft Windows Server 2025, specifically the Server Core installation variant version 10.0.26100.0. The flaw exists in the Capability Access Management Service (camsvc), a component responsible for managing access capabilities within the OS. An out-of-bounds read occurs when the service reads memory locations outside the intended buffer boundaries, which can lead to unauthorized disclosure of sensitive information stored in adjacent memory. This vulnerability can be exploited locally without requiring any privileges or user interaction, making it accessible to any local attacker with access to the system. The vulnerability impacts confidentiality by allowing attackers to glean information that could be leveraged for further attacks, but it does not affect system integrity or availability. The CVSS 3.1 base score is 6.2, reflecting a medium severity due to the local attack vector and limited scope of impact. No patches or exploit code are currently publicly available, and no known exploits have been observed in the wild. The vulnerability was reserved in December 2025 and published in January 2026, indicating recent discovery and disclosure. Organizations running Windows Server 2025 Server Core should be aware of this issue and prepare to deploy patches once released by Microsoft.

For European organizations, this vulnerability poses a risk primarily to confidentiality of sensitive information on affected Windows Server 2025 Server Core systems. Since the attack requires local access but no privileges or user interaction, insider threats or attackers who have gained limited local access could exploit this flaw to extract sensitive data. This could include credentials, cryptographic keys, or other sensitive configuration data stored in memory. Although the vulnerability does not directly impact system integrity or availability, the information disclosure could facilitate further attacks such as privilege escalation or lateral movement within networks. Critical infrastructure, financial institutions, and enterprises relying on Windows Server 2025 Server Core for core services may face increased risk if attackers leverage this vulnerability as part of a multi-stage attack. The absence of known exploits currently reduces immediate risk, but the medium severity score and potential for sensitive data leakage warrant proactive mitigation. The impact is more pronounced in environments with high-value data and stringent confidentiality requirements.

Since no patches are currently available, European organizations should implement compensating controls to reduce risk. These include restricting local access to Windows Server 2025 Server Core systems to trusted personnel only, enforcing strict access controls and monitoring for unusual local activity. Employing endpoint detection and response (EDR) solutions can help identify suspicious behavior indicative of exploitation attempts. Organizations should also audit and limit the use of the Capability Access Management Service where possible and ensure that systems are hardened according to Microsoft’s security best practices. Once Microsoft releases a patch, immediate deployment is critical. Additionally, organizations should maintain up-to-date backups and conduct regular security assessments to detect potential exploitation. Network segmentation can limit attacker movement if local compromise occurs. Finally, educating administrators about this vulnerability and encouraging vigilance for signs of insider threats or unauthorized local access will further mitigate risk.