CVE-2026-50293 is a Windows Internal Task Bar elevation of privilege vulnerability caused by a use-after-free issue. Microsoft rates it at CVSS v3.1 base 7.8 (High) with a temporal score of 6.8; the vector is local access, low attack complexity, low privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, and exploit code maturity is unproven. Because this is a local privilege escalation issue, it is most relevant to enterprise systems where attackers already have local access or can run code on the host. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impact. - Exploitation likelihood: Not stated as "Exploitation More Likely"; vector context is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but lower exposure risk than network-based issues because exploitation requires local access on affected Windows systems. - Patch status: available; customer action required. Affected systems: - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025