CVE-2026-50326 is a Windows Unified Consent System elevation of privilege vulnerability caused by a use after free issue. Microsoft rates it as CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is LOCAL, attack complexity is LOW, privileges required are LOW, and user interaction is NONE. If exploited, it can affect confidentiality, integrity, and availability at HIGH levels. Microsoft says it has not been publicly disclosed or exploited, exploit code maturity is UNPROVEN, and exploitation is considered unlikely. Because it is a local privilege escalation issue, enterprise risk is mainly to systems where attackers can already obtain local access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impact - Exploitation likelihood: Exploitation Unlikely; local attack vector with LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High severity by CVSS, but lower exposure than network-based vulnerabilities because exploitation requires local access; higher concern on multi-user or internally accessible Windows systems - Patch status: available Affected systems: - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025