CVE-2026-49797 is a Windows NTFS heap-based buffer overflow that can lead to remote code execution. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local attack access with low complexity, no privileges required, and user interaction required (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Microsoft reports no public disclosure and no known exploitation, and exploit code maturity is unproven. Because this is a local, user-interaction-required issue, enterprise risk is more relevant to systems where users may open or interact with malicious content than to network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; local attack vector and required user interaction reduce remote enterprise exposure - Severity for enterprise: High severity by CVSS, but lower enterprise exposure than network-based RCE because the vector is LOCAL and requires user interaction - Patch status: available; customer action required Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025