CVE-2026-50361 is a Microsoft Brokering File System Elevation of Privilege vulnerability caused by a double free issue. It affects Windows 11 24H2, 25H2, 26H1, unspecified, and Windows Server 2025. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN and exploitation considered unlikely. Because this is a local elevation-of-privilege issue, it is more relevant to enterprise systems where local access is possible, but it is not an internet-facing remote attack. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Unlikely; LOCAL vector with LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High severity by CVSS, but lower exposure than network-based issues because exploitation requires local access on affected Windows systems - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025