Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-20931: CWE-73: External Control of File Name or Path in Microsoft Windows 10 Version 1809

0
High
VulnerabilityCVE-2026-20931cvecve-2026-20931cwe-73
Published: Tue Jan 13 2026 (01/13/2026, 17:57:03 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

CVE-2026-20931 is a high-severity vulnerability in Microsoft Windows 10 Version 1809 affecting the Windows Telephony Service. It involves external control of file name or path (CWE-73), allowing an authorized attacker on an adjacent network to elevate privileges. The vulnerability has a CVSS score of 8. 0, indicating high impact on confidentiality, integrity, and availability without requiring user interaction. Exploitation requires low attack complexity and privileges but no user interaction. No known exploits are currently reported in the wild. The affected version is Windows 10 build 17763. 0 (Version 1809), which is an older Windows 10 release. European organizations using this version, especially in critical infrastructure or telecommunications, are at risk of privilege escalation attacks that could lead to system compromise. Mitigation involves upgrading to a patched Windows version or applying any available security updates from Microsoft.

AI-Powered Analysis

AILast updated: 02/04/2026, 08:57:42 UTC

Technical Analysis

CVE-2026-20931 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting the Windows Telephony Service in Microsoft Windows 10 Version 1809 (build 17763.0). This flaw allows an attacker with authorized access on an adjacent network to manipulate file paths or file names used by the Telephony Service, leading to privilege escalation. The attacker can exploit this vulnerability to gain elevated privileges on the affected system, potentially compromising system confidentiality, integrity, and availability. The vulnerability has a CVSS v3.1 base score of 8.0, reflecting high severity due to its impact and ease of exploitation. The attack vector is adjacent network, meaning the attacker must have network access close to the victim, such as within the same LAN or VPN. The attack complexity is low, and only low privileges are required to initiate the exploit, with no user interaction needed. This vulnerability could be leveraged to execute arbitrary code or manipulate system files, resulting in full system compromise. No public exploits or active exploitation have been reported yet. The lack of patch links suggests that remediation may require upgrading to a newer Windows version or awaiting official patches. The vulnerability is significant for environments where Windows 10 Version 1809 is still in use, particularly in enterprise or industrial contexts where telephony services are critical.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially those still running Windows 10 Version 1809 in production environments. Successful exploitation can lead to privilege escalation, allowing attackers to execute arbitrary code with elevated rights, potentially leading to full system compromise. This threatens confidentiality by exposing sensitive data, integrity by allowing unauthorized modifications, and availability by disrupting telephony or other dependent services. Critical sectors such as telecommunications, manufacturing, healthcare, and government agencies could face operational disruptions or data breaches. The requirement for adjacent network access limits remote exploitation but does not eliminate risk, particularly in environments with insufficient network segmentation or where insider threats exist. Legacy systems and delayed patching practices common in some European organizations increase exposure. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score underscores the urgency of addressing this vulnerability to prevent future attacks.

Mitigation Recommendations

1. Upgrade affected systems from Windows 10 Version 1809 (build 17763.0) to a supported and patched Windows version, as no direct patch links are currently available. 2. If upgrading is not immediately feasible, restrict network access to the Windows Telephony Service by implementing strict network segmentation and firewall rules to limit adjacent network exposure. 3. Employ application whitelisting and endpoint protection solutions to detect and block suspicious activities related to file path manipulation. 4. Monitor network traffic and system logs for unusual access patterns or privilege escalation attempts targeting telephony services. 5. Conduct regular vulnerability assessments and penetration testing focusing on legacy Windows systems to identify and remediate similar weaknesses. 6. Educate IT staff about the risks associated with legacy Windows versions and the importance of timely patch management. 7. Disable or limit the use of the Windows Telephony Service on systems where it is not required to reduce the attack surface. 8. Prepare incident response plans specifically addressing privilege escalation scenarios to enable rapid containment if exploitation occurs.

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Data Version
5.2
Assigner Short Name
microsoft
Date Reserved
2025-12-04T20:04:16.336Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69668ae3a60475309f9ae1db

Added to database: 1/13/2026, 6:11:47 PM

Last enriched: 2/4/2026, 8:57:42 AM

Last updated: 2/5/2026, 2:42:47 AM

Views: 206

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats