CVE-2026-20928
MEDIUM
NVD
CVSS Score
4.6
Severity
MEDIUM
Published
Apr 14, 2026
Vendor
unknown
Description
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.