CVE-2026-50317 is a Windows Operating Systems elevation of privilege vulnerability caused by a race condition involving concurrent execution using a shared resource with improper synchronization. Microsoft rates it as CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is LOCAL, with LOW attack complexity, LOW privileges required, and no user interaction. If successfully exploited, an attacker could gain SYSTEM privileges. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. Because the issue is local-only, enterprise risk is mainly to systems where untrusted local access is possible rather than to network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality HIGH, integrity HIGH, availability HIGH - Exploitation likelihood: Latest Software Release: Exploitation Less Likely; LOCAL vector, LOW attack complexity, LOW privileges required, and no user interaction - Severity for enterprise: High technical severity, but lower exposure risk than remote vulnerabilities because exploitation requires local access. Most relevant on systems where local users or code execution opportunities exist. - Patch status: available; customer action required Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025