{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20830", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-03T05:54:20.375Z", "datePublished": "2026-01-13T17:56:50.400Z", "dateUpdated": "2026-04-01T13:48:59.620Z"}, "containers": {"cna": {"title": "Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability", "datePublic": "2026-01-13T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32230"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32230"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2025", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32230", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32230", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en-US", "type": "CWE", "cweId": "CWE-362"}, {"description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:48:59.620Z"}, "references": [{"name": "Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20830"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:55:49.448993Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:25.550Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:55:49.448993Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T21:43:26.302Z"}}], "cna": {"title": "Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2025", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32230", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32230", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20830", "name": "Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32230", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32230", "versionStartIncluding": "10.0.26100.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:48:59.620Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20830", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:48:59.620Z", "dateReserved": "2025-12-03T05:54:20.375Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-13T17:56:50.400Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6BE8CAC-3A47-48FC-A0FD-F0F0ADD2A9CE", "versionEndExcluding": "10.0.26100.7623", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-20830", "lastModified": "2026-01-15T13:06:09.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-13T18:16:10.817", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20830"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T18:14:25.956547+00:00", "value": {"mitigation_remediation": ["Apply the latest cumulative update for Windows Server\u202f2025 that contains the fix for CVE\u20112026\u201120830.", "Restrict local user accounts from accessing the Capability Access Management Service to prevent the race condition from triggering.", "If adding the update is delayed, disable or remove the camsvc service from systems that do not require it, or otherwise lock it down until a patch is applied."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Windows Server\u202f2025, including the Server Core deployment, are affected by this flaw. No other operating system versions or product variants are listed as impacted by the CNA. Users running these editions should verify that the server has the latest cumulative updates that address the mentioned issue.", "description_and_impact": "The vulnerability in the Capability Access Management Service (camsvc) is a classic race condition caused by improper synchronization of shared resources. When two or more processes access the same critical section concurrently, an attacker can manipulate the timing to trigger a privilege escalation. This flaw permits an authorized local user to elevate leverage to higher privileged levels, compromising confidentiality and integrity of the system. The weaknesses involved are described by CWE\u2011362 (Race Condition) and CWE\u2011416 (Use After Free).", "risk_and_exploitability": "The CVSS score of 7 denotes a high severity, while the EPSS score of less than 1% indicates a low but non\u2011zero likelihood of exploitation in the wild. Currently the vulnerability is not catalogued as a known exploited vulnerability by CISA. The attack vector is local, requiring the attacker to already have some level of authorized access. However, once the race condition is triggered the attacker gains elevated privileges, enabling further damage or persistence. Because the flaw is a local privilege escalation, active monitoring of sensitive services and strict least\u2011privilege controls are essential to mitigate risk until a patch is applied."}}}}, "created": "2026-04-16T18:15:43.301313+00:00", "updated": "2026-04-16T18:15:43.301323+00:00", "vendors": []}