Windows Win32K - ICOMP Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Win32K - ICOMP allows an authorized attacker to disclose information locally.
MSRC compact vulnerability detail
CVE-2026-20805 · Desktop Window Manager Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
Signals
Desktop Window Manager
Information Disclosure
Exploited: Yes
Publicly disclosed: No
Exploitability: Exploitation Detected
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
FAQ / Articles
FAQ
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a section address from a remote ALPC port which is user-mode memory.
Desktop Windows Manager Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.