CVE-2020-26141

medium

Published 2021-11-09 · Modified 2021-11-12

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2021-4356.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-26141

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-26141.html

OS impact

OS	Version	Status	Fixed in
arch		fixed	`5.12.9.hardened1-1`
sles		affected
debian	bookworm	fixed	`5.10.46-1`
debian	bullseye	fixed	`5.10.46-1`
debian	forky	fixed	`5.10.46-1`
debian	sid	fixed	`5.10.46-1`
debian	trixie	fixed	`5.10.46-1`

References

Verify integrity in audit chain (admin only). AS-IS.