CVE-2026-20839

Q: What is the severity of CVE-2026-20839?

CVE-2026-20839 has a CVSS score of 5.5 (MEDIUM). This vulnerability allows an authorized attacker on a Windows system to access sensitive information through improper access control in the Client-Side Caching (CSC) service. It affects Windows systems with CSC enabled, allowing local information disclosure of cached network files.

5.5 MEDIUM

📋 TL;DR

This vulnerability allows an authorized attacker on a Windows system to access sensitive information through improper access control in the Client-Side Caching (CSC) service. It affects Windows systems with CSC enabled, allowing local information disclosure of cached network files.

💻 Affected Systems

Products:

Windows Client-Side Caching Service

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires CSC service to be enabled and in use for network file caching.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could access sensitive cached files from network shares that should be restricted, potentially exposing confidential data.

🟠

Likely Case

Local users could access cached files they shouldn't have permission to view, leading to information disclosure of network-shared content.

🟢

If Mitigated

With proper access controls and patching, the risk is limited to authorized users accessing only their own cached content.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring authenticated access to the system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to access cached network files beyond their permissions.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires local authenticated access to the Windows system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20839

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft. 2. Install the specific KB patch for this CVE. 3. Restart the system to complete the installation.

🔧 Temporary Workarounds

Disable Client-Side Caching

windows

Temporarily disable the CSC service to prevent exploitation until patching is complete

sc config csc start= disabled
sc stop csc

Restrict Local Access

windows

Implement strict local access controls and limit user privileges

🧯 If You Can't Patch

Implement strict least-privilege access controls for local users
Disable or restrict Client-Side Caching for sensitive network shares

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the specific KB patch or use: wmic qfe list | findstr KB

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify the patch is installed via Windows Update history or systeminfo command

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to CSC cache files
Failed access attempts to restricted cached content

Network Indicators:

N/A - Local vulnerability only

SIEM Query:

EventID 4663 with ObjectName containing CSC paths from unauthorized users

📊 Metadata

CVE ID: CVE-2026-20839

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-284

EPSS Score: 0.05% exploit probability (13.5th percentile)

Published: January 13, 2026

Last Updated: January 15, 2026

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20839 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows 11 25h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft