CVE-2026-50353 is a DirectX Graphics Kernel elevation of privilege vulnerability caused by a use-after-free condition. It has a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is local, with low attack complexity, low privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven and exploitation likelihood rated as less likely. Because this is a local privilege escalation issue, it is most relevant to environments where untrusted local code or users can run on affected Windows systems. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts - Exploitation likelihood: Exploitation Less Likely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High technical severity, but enterprise exposure is lower than remote vulnerabilities because exploitation requires local access. Risk is more relevant on shared Windows endpoints, servers, or systems where untrusted users or code can execute locally - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025