CVE-2026-50336 is a Windows Media Elevation of Privilege vulnerability caused by a heap-based buffer overflow. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local-only (AV:L), requires low privileges, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. Because it is a local elevation-of-privilege issue, enterprise risk is more relevant for systems where attackers can already obtain local access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH - Exploitation likelihood: Latest Software Release: Exploitation Less Likely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High technical severity, but lower exposure than remote/network-based issues because exploitation requires local access - Patch status: available; customer action required Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified