CVE-2026-20854 · Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

How could an attacker exploit this vulnerability? An attacker with the ability to modify certain directory attributes could provide crafted data that causes the system to reference invalid memory during authentication, potentially leading to a crash or other unintended behavior.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code locally.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code locally.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.