CVE-2026-50340 is a Windows Runtime elevation of privilege vulnerability caused by a use-after-free condition. Microsoft rates it as CVSS v3.1 base 8.5 (High) with a temporal score of 7.4; the vector is NETWORK, attack complexity is HIGH, privileges required are LOW, user interaction is NONE, and scope is CHANGED. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN and exploitation likelihood marked as unlikely. Customer action is required. For enterprise environments, the main risk is privilege escalation on affected Windows systems rather than direct remote code execution. Highlights: - CVSS scores: Base 8.5 - Temporal 7.4 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation Unlikely; NETWORK vector with HIGH attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity from a CVSS perspective, but real-world enterprise risk is moderated by the HIGH attack complexity and lack of known exploitation; still relevant for Windows hosts where privilege escalation would be impactful. - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025