CVE-2026-50333 - Windows Spaceport.sys Elevation of Privilege Vulnerability - is a local elevation of privilege issue in Windows Spaceport.sys. Microsoft says a successful attacker could gain SYSTEM privileges. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. Microsoft reports no public disclosure and no exploitation in the wild, with exploit code maturity UNPROVEN. This is a high-severity local privilege escalation rather than a network-reachable issue, so enterprise risk is mainly on systems where untrusted local code or users can run. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. Successful exploitation could grant SYSTEM privileges. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but lower exposure than network-based vulnerabilities because exploitation requires local access. Priority is higher on shared or multi-user Windows systems where local attackers or untrusted code are realistic. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025