CVE-2026-20821: Remote Procedure Call Information Disclosure Vulnerability CVE ID: CVE-2026-20821 Release Date: Jan 13, 2026 Assigning CNA: Microsoft Impact: Information Disclosure Max Severity: Important Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CVSS Metrics: - Version: 3.1 - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Confidentiality: High - Integrity: None - Availability: None Key Points: This vulnerability could lead to information disclosure if exploited. The risk is considered important due to the potential for exposing sensitive data. No privilege escalation is required, and the attack complexity is relatively low. The metrics indicate a high confidentiality impact but no integrity or availability impact.