Windows Management Services allows local privilege escalation via race condition

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows Management Services allows local privilege escalation via race condition

CVE-2026-20930

Summary

Windows Management Services has a bug that can let authorized users gain more access on a local computer than they should have. This could let them do things they shouldn't be able to do, like install software or change system settings. To stay safe, ensure you're running the latest version of Windows Management Services.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026