CVE-2026-50344 is a Windows OLE Improper Authorization vulnerability that can lead to elevation of privilege to SYSTEM. Microsoft rates it with a CVSS v3.1 base score of 7.8 and temporal score of 6.8, using a local attack vector with low attack complexity, low privileges required, and no user interaction. The issue affects confidentiality, integrity, and availability at high impact if exploited. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. Because the attack is local rather than network-based, it is less relevant to internet-facing services but remains significant for systems where untrusted local code or users may be present. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality HIGH, integrity HIGH, availability HIGH - Exploitation likelihood: Exploitation Less Likely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High technical severity, but enterprise exposure is primarily limited to local attack scenarios rather than remote network services - Patch status: available; customer action required Affected systems: - Windows 10 1607, 1809, 21H2, 22H2 - Windows 11 24H2, 25H2, 26H1, unspecified - Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025