CVE-2026-20936 is an out-of-bounds read vulnerability classified under CWE-125 found in the Windows Network Driver Interface Specification (NDIS) component of Microsoft Windows 10 Version 1809 (build 17763.0). This vulnerability arises from improper bounds checking in the NDIS code, which allows an attacker with authorized local access and physical presence to read memory beyond the intended buffer limits. The flaw does not allow modification of data or denial of service but can lead to disclosure of sensitive information residing in adjacent memory areas. Exploitation requires the attacker to have local privileges and physical access to the affected system, as the attack vector is physical. No user interaction is necessary, and the vulnerability does not propagate across the network. The CVSS v3.1 base score is 4.3 (medium severity), reflecting the limited attack vector (physical), low complexity, and high confidentiality impact. As of the publication date, no known exploits have been reported in the wild, and no official patches have been released by Microsoft. Organizations running Windows 10 Version 1809, which is an older and out-of-support version, remain vulnerable if physical access controls are weak. The vulnerability underscores the importance of maintaining up-to-date systems and enforcing strict physical security policies to prevent unauthorized local access.

For European organizations, the primary impact of CVE-2026-20936 is the potential unauthorized disclosure of sensitive information due to an out-of-bounds read in the Windows NDIS component. While the vulnerability does not affect system integrity or availability, the confidentiality breach could expose critical data, including network-related information or other memory-resident secrets. This risk is particularly relevant for organizations with legacy Windows 10 1809 deployments in environments where physical access controls are insufficient, such as public-facing kiosks, shared workstations, or facilities with lax security. Sectors like government, finance, healthcare, and critical infrastructure may face heightened risks due to the sensitivity of their data and the potential for physical access by insiders or attackers. The lack of known exploits reduces immediate risk, but the absence of patches means the vulnerability remains exploitable if discovered by adversaries. The medium severity rating indicates a moderate threat level, but the physical access requirement limits the scope of impact primarily to environments with poor physical security or insider threats.

1. Upgrade affected systems from Windows 10 Version 1809 to a supported and patched Windows version to eliminate the vulnerability entirely. 2. Enforce strict physical security controls to prevent unauthorized physical access to devices, including secure facility access, locked workstations, and surveillance. 3. Implement endpoint security solutions that monitor and alert on unusual local activity or privilege escalations. 4. Restrict local user privileges to the minimum necessary to reduce the risk of authorized attackers exploiting the vulnerability. 5. Conduct regular audits of physical access logs and device configurations to detect potential unauthorized access. 6. Educate employees and contractors about the risks of physical access attacks and the importance of safeguarding devices. 7. If upgrading is not immediately feasible, consider isolating vulnerable systems from sensitive networks and data to limit potential exposure. 8. Monitor official Microsoft channels for patches or updates addressing this vulnerability and apply them promptly once available.