Windows COM Type Confusion Allows Local Information Disclosure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Windows COM Type Confusion Allows Local Information Disclosure

CVE-2026-20806

Summary

A flaw in Windows COM can allow attackers with local access to access sensitive information. This means that a user with normal privileges on a Windows system could potentially read data they shouldn't be able to access. To protect your system, apply the latest Windows updates as soon as possible.

Original title

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

Original description

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-843 Type Confusion

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026