CVE-2026-50335 - Windows Operating Systems Elevation of Privilege Vulnerability - is an improper access control issue affecting multiple Windows client and server releases. Microsoft says successful exploitation could grant SYSTEM privileges. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is local, requires low privileges, no user interaction, and has unchanged scope. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity marked UNPROVEN. Because the attack is local-only, enterprise risk is highest where attackers can already run code or obtain local access on Windows systems. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. Microsoft states a successful attacker could gain SYSTEM privileges. - Exploitation likelihood: Exploitation Less Likely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity from a CVSS perspective, but enterprise exposure is primarily local rather than network-based. Risk is more relevant on systems where untrusted local code or users are present. - Patch status: available Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025