Microsoft has assigned CVE‑2026‑20872 to a new NTLM hash disclosure / spoofing vulnerability that affects the Windows Shell and File Explorer family of components — a class of bugs that historically allows a crafted file or metadata to cause a client to resolve an attacker‑controlled UNC/SMB...
