CVE-2026-20868:

Critical heap-based buffer overflow in Windows RRAS allows remote code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:30%

Exploitability

Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Critical heap-based buffer overflow in Windows RRAS allows remote code execution.

Overview

The vulnerability in Windows RRAS is a heap-based buffer overflow, classified as CWE-122. It can be exploited remotely with low attack complexity and requires no privileges, though user interaction is necessary. The attack vector is network-based, allowing for remote exploitation. If successfully exploited, this vulnerability could lead to a complete compromise of system confidentiality, integrity, and availability. The critical nature of RRAS in network infrastructure makes this vulnerability particularly concerning for organizations relying on Windows server environments.

Remediation

To mitigate the risk posed by this vulnerability, organizations should:
1. Apply the security update provided by Microsoft as soon as it becomes available.
2. Implement network segmentation to limit potential attack vectors.
3. Monitor RRAS-related network traffic for suspicious activity.
4. Consider temporarily disabling RRAS if not critically needed until a patch is applied.
5. Ensure all Windows systems, especially those running RRAS, are kept up-to-date with the latest security patches.
6. Implement the principle of least privilege for user accounts and services.
7. Use intrusion detection and prevention systems to identify and block potential exploitation attempts.