Vulnerabilities ›

CVE-2026-20714

High

CWE-787 — Weakness Type

                    Published: May 12, 2026                      ·  Modified: May 19, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

🤖 AI Executive Summary

CVE-2026-20714 is a high-severity out-of-bounds write vulnerability in Intel QAT software drivers for Windows (versions before 1.13) that allows local privilege escalation. An authenticated user with low attack complexity can exploit this vulnerability to gain elevated privileges, potentially compromising system confidentiality, integrity, and availability. This vulnerability affects cryptographic acceleration hardware commonly used in enterprise and financial systems across Saudi Arabia.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 15, 2026 23:50

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and critical infrastructure operators. Financial institutions using Intel QAT for cryptographic operations face direct privilege escalation risks. Energy sector (ARAMCO, SAECO) and telecommunications (STC, Mobily) infrastructure utilizing QAT acceleration are at elevated risk. Healthcare organizations (MOH systems) and government data centers processing sensitive citizen data could experience unauthorized access and data exfiltration. The vulnerability's local attack vector makes it particularly dangerous in shared computing environments and cloud deployments prevalent in Saudi digital transformation initiatives.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Critical Infrastructure (Energy, Water) Telecommunications Healthcare Defense and Security Data Centers and Cloud Services

🎯 MITRE ATT&CK Techniques

T1548 - Abuse Elevation Control Mechanism T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1134 - Access Token Manipulation T1055 - Process Injection T1543 - Create or Modify System Process

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all systems running Intel QAT drivers for Windows and document current versions

2. Restrict local access to systems with QAT drivers; implement principle of least privilege for user accounts

3. Monitor for suspicious privilege escalation attempts and unauthorized local access

PATCHING GUIDANCE:

1. Upgrade Intel QAT software drivers to version 1.13 or later immediately

2. Prioritize patching for systems in banking, government, and critical infrastructure sectors

3. Test patches in non-production environments before enterprise deployment

4. Coordinate with Intel support for driver compatibility verification with existing cryptographic implementations

COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement application whitelisting to restrict execution of unauthorized applications

2. Enable Windows Defender Application Guard for additional isolation

3. Deploy endpoint detection and response (EDR) solutions with privilege escalation detection

4. Implement strict access controls and multi-factor authentication for sensitive systems

5. Disable QAT acceleration if not critical to operations; use software-based cryptography temporarily

DETECTION RULES:

1. Monitor for unexpected privilege escalation events from QAT driver processes

2. Alert on out-of-bounds memory access attempts targeting QAT driver memory regions

3. Track Intel QAT driver version changes and unauthorized driver modifications

4. Monitor for suspicious inter-process communication with QAT-related processes

5. Implement YARA rules targeting QAT driver exploitation patterns

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل برامج تشغيل Intel QAT لنظام Windows وتوثيق الإصدارات الحالية

2. تقييد الوصول المحلي للأنظمة ببرامج تشغيل QAT؛ تنفيذ مبدأ أقل امتياز لحسابات المستخدمين

3. مراقبة محاولات تصعيد الامتيازات المريبة والوصول المحلي غير المصرح به

إرشادات التصحيح:

1. ترقية برامج تشغيل Intel QAT لنظام Windows إلى الإصدار 1.13 أو أحدث فورًا

2. إعطاء الأولوية لتصحيح الأنظمة في قطاعات البنوك والحكومة والبنية التحتية الحرجة

3. اختبار التصحيحات في بيئات غير الإنتاج قبل نشر المؤسسة

4. التنسيق مع دعم Intel للتحقق من توافق برنامج التشغيل مع التطبيقات التشفيرية الموجودة

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكنًا):

1. تنفيذ قائمة بيضاء للتطبيقات لتقييد تنفيذ التطبيقات غير المصرح بها

2. تفعيل Windows Defender Application Guard للعزل الإضافي

3. نشر حلول الكشف والاستجابة للنقاط النهائية (EDR) مع كشف تصعيد الامتيازات

4. تنفيذ ضوابط وصول صارمة والمصادقة متعددة العوامل للأنظمة الحساسة

5. تعطيل تسريع QAT إذا لم يكن حرجًا للعمليات؛ استخدام التشفير المستند إلى البرامج مؤقتًا

قواعد الكشف:

1. مراقبة أحداث تصعيد الامتيازات غير المتوقعة من عمليات برنامج تشغيل QAT

2. التنبيه على محاولات الوصول إلى الذاكرة خارج الحدود التي تستهدف مناطق ذاكرة برنامج تشغيل QAT

3. تتبع تغييرات إصدار برنامج تشغيل Intel QAT والتعديلات غير المصرح بها على برنامج التشغيل

4. مراقبة الاتصالات بين العمليات المريبة مع العمليات المتعلقة بـ QAT

5. تنفيذ قواعد YARA التي تستهدف أنماط استغلال برنامج تشغيل QAT

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.2.1 - User Registration and Access Rights Management ECC 2024 A.6.2.1 - Restriction of Access to Information ECC 2024 A.12.2.1 - Installation of Software on Operational Systems ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Hardware and Software Inventory PR.AC-1 - Access Control Policy PR.PT-2 - Removable Media Protection DE.CM-8 - Vulnerability Scans RS.MI-2 - Incidents are mitigated

🟡 ISO 27001:2022

A.5.1.1 - Policies for the use of information and other associated assets A.5.2.1 - Information security responsibilities A.6.1.1 - Screening A.8.1.1 - User endpoint devices A.12.6.1 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

Requirement 2.2.4 - Configure system security parameters Requirement 6.2 - Ensure security patches are installed Requirement 11.2 - Run automated vulnerability scans

🔗 References & Sources 1

🔗

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html

secure@intel.com

Patch Vendor Advisory

📦 Affected Products / CPE 1 entries

intel:quickassist_technology

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-787

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-05-12

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

patch-available CWE-787

🏢 Vendor Advisories

🔗 https://intel.com/content/www/us/en/security-center/...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-20714

Introduce Yourself

Sign In Required