CVE-2026-50342 - Windows MIDI Service Module Elevation of Privileges Vulnerability - is an improper access control issue in the Windows MIDI Service Module that can lead to elevation of privilege. Microsoft rates it at CVSS v3.1 base 8.8 with a temporal score of 7.7; the vector is LOCAL, LOW attack complexity, LOW privileges required, NO user interaction, and CHANGED scope, with HIGH confidentiality, integrity, and availability impact. Microsoft says it is not publicly disclosed and not exploited, with exploit code maturity UNPROVEN and exploitation less likely. Because it is a local privilege escalation issue, enterprise risk is higher for systems where untrusted local code or users can run, rather than for network-exposed services. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity by CVSS, but real-world exposure is lower than network-reachable issues because exploitation requires local access. Risk is more relevant on shared or multi-user Windows systems. - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified