CVE-2026-20843

Q: What is the severity of CVE-2026-20843?

CVE-2026-20843 has a CVSS score of 7.8 (HIGH). This vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to escalate privileges on the local system. Attackers with valid credentials can exploit improper access controls to gain higher privileges than intended. This affects Windows systems with RRAS enabled.

7.8 HIGH

📋 TL;DR

This vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to escalate privileges on the local system. Attackers with valid credentials can exploit improper access controls to gain higher privileges than intended. This affects Windows systems with RRAS enabled.

💻 Affected Systems

Products:

Windows Routing and Remote Access Service (RRAS)

Versions: Specific versions not specified in provided reference; check Microsoft advisory for exact affected versions

Operating Systems: Windows Server, Windows Desktop versions with RRAS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when RRAS is enabled and configured. Not all Windows installations have this service running by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative privileges, enabling installation of persistent malware, data theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, access sensitive data, and maintain persistence on compromised systems.

🟢

If Mitigated

Limited impact with proper network segmentation, least privilege access, and monitoring in place, though local compromise still possible.

🌐 Internet-Facing: LOW - Requires authenticated access, typically not exposed directly to internet.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to escalate privileges and move laterally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access but likely straightforward exploitation once authenticated. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft. 2. Install the specific patch for CVE-2026-20843. 3. Restart affected systems as required.

🔧 Temporary Workarounds

Disable RRAS if not needed

windows

Disable the Routing and Remote Access Service on systems where it's not required

sc config RemoteAccess start= disabled
sc stop RemoteAccess

Restrict RRAS access

windows

Configure RRAS to only allow connections from authorized users and systems

🧯 If You Can't Patch

Implement strict network segmentation to isolate systems with RRAS
Enforce least privilege access and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check if RRAS service is running and system has not applied the security patch for CVE-2026-20843

Check Version:

wmic service where name='RemoteAccess' get name,state,pathname

Verify Fix Applied:

Verify Windows Update history shows the patch applied and RRAS service version is updated

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation events
RRAS service configuration changes
Failed authentication attempts followed by successful privilege escalation

Network Indicators:

Unexpected RRAS connections from unauthorized sources
Anomalous network routing changes

SIEM Query:

EventID=4672 OR EventID=4688 | where ProcessName contains 'rras' OR ServiceName contains 'RemoteAccess'

📊 Metadata

CVE ID: CVE-2026-20843

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-284

EPSS Score: 0.07% exploit probability (21.3th percentile)

Published: January 13, 2026

Last Updated: January 15, 2026

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows 11 25h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable RRAS if not needed

Restrict RRAS access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities