NVD HIGH: CVE-2026-20767 — Improper input validation for some Intel(R) QAT software drivers for Windows bef...

Tuesday, May 12, 2026 at 06:16 PM UTC·Source: NIST NVD

Updated: Monday, May 18, 2026 at 06:00 AM UTC

Executive Summary

Analysis

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. CVSS Score: 7.8. Published: 2026-05-12T18:16:37.433.

Indicators of Compromise (1)

CVE (1)

CVE-2026-20767

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 12, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026

Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek .

2h agoSecurityWeek

MEDIUMVulnerability

Former CISA nominee Sean Plankey named US CEO of defense startup

UFORCE, a London-based company founded by Ukrainians, is looking to make drones in America. The post Former CISA nominee Sean Plankey named US CEO of defense startup appeared first on CyberScoop .

2h agoCyberScoop

MEDIUMVulnerability

Weekly Update 504

It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago, we've had Grafana go with the "no pay" approach , and I've seen a raft

2h agoTroy Hunt