CVE-2026-50343 - Microsoft Install Service Elevation of Privilege Vulnerability - is an improper privilege management issue in the Microsoft Install Service that can allow elevation of privilege to SYSTEM. It has a CVSS v3.1 base score of 7.8 and temporal score of 6.8, with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. Because this is a local privilege escalation issue, the enterprise risk is highest on systems where attackers can already obtain local execution or low-privilege access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH; successful exploitation can grant SYSTEM privileges. - Exploitation likelihood: Exploitation More Likely; LOCAL vector with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High. The CVSS score is above 7, but the local-only vector means it is not a remote exposure issue; risk is primarily on endpoints and servers where an attacker can gain local access or a foothold. - Patch status: available; customer action required. Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025