oxfemale

Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation via WER service.

69% credibility
Found Feb 25, 2026 at 47 stars
AI Analysis
C++
AI Summary

Proof-of-concept code demonstrating a privilege escalation vulnerability in the Windows Error Reporting service allowing low-privileged users to execute code as SYSTEM.

How It Works

1. 🔍 Discover the Demo

You come across this GitHub project while looking into Windows security flaws and error handling weaknesses.

2. 📖 Learn What It Shows

You read the guide explaining how a regular user can gain top-level system control through a hidden flaw in the error reporting tool.

3. 💻 Ready Your Test Area

You set up a safe, isolated old Windows computer without the latest fixes just for trying this out.

4. 🚀 Start the Test

You launch the easy-to-run demo program, which reaches out to the error service and runs a sample command with full system powers.

5. Spot the Results

You watch a calculator pop open and check a new file that proves it ran with the highest access level.

🎉 You've Got It

Feeling smarter about security, you confirm the flaw works and remind yourself to always update real computers.

AI-Generated Review

What is CVE-2026-20817?

This C++ proof-of-concept exploits a local privilege escalation flaw in the Windows Error Reporting service, letting low-privileged users spawn processes like calc.exe or cmd with SYSTEM rights via crafted ALPC messages to the \WindowsErrorReportingService port. It targets unpatched Windows 10, 11, and Servers up to the January 2026 update, writes its output to files like C:\poc_wer.txt, and analyzes the elevated WerFault.exe token for privileges like SeDebugPrivilege. Developers get a quick compile-and-run demo (cl /EHsc) to reproduce the elevation in Windows Error Reporting, without needing complex setups.

Why is it gaining traction?

With 43 stars, it stands out for its straightforward build on the Windows SDK and Visual Studio, delivering reliable SYSTEM shells on vulnerable systems amid buzz around Windows error codes like 0xc00000e and error log exploits. Unlike verbose alternatives, it skips bloat, focusing on clean ALPC interaction with the Windows Error Reporting service, which suits fast repros in 2026-era pentests. The detailed README covers affected versions and patches, hooking security devs tired of flaky PoCs.

Who should use this?

Windows security researchers auditing error reporting flaws, red teamers simulating local EoP in enterprise environments pre-2026 patches, and pentesters probing Windows Error Reporting 1001 events or service misconfigs. It's for those running controlled labs on Windows 10/11, not production systems.

Verdict

Solid educational PoC with clear docs and easy compilation, but low maturity: 43 stars and a 0.699999988079071% credibility score signal an early-stage research tool, lacking tests or broad validation. Use only in authorized setups; pair with Windows GitHub Actions for CI repros, but verify patches first.
