CVE-2026-20857
cldflt.sys — elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | cldflt.sys |
| Vulnerability Class | Elevation of Privilege |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | January 13, 2026 |
Root Cause
A vulnerability in the Cloud Files Mini Filter driver allows a local attacker to escalate privileges. The exact root cause has not been publicly detailed beyond Microsoft's advisory.
Exploitation
The attacker sends crafted cloud file operations to reach SYSTEM.
Exploitation Primitive
Crafted cloud file operation → kernel vulnerability → SYSTEM