CVE-2026-50373 is a Windows Search Service Elevation of Privilege vulnerability caused by improper access control. It affects Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1/unspecified, and Windows Server 2019/2022/2025. Microsoft rates it at CVSS v3.1 7.8 (High) with a temporal score of 6.8; the vector is local access, low attack complexity, low privileges required, and no user interaction. Microsoft states it is not publicly disclosed or exploited, exploit code maturity is unproven, and customer action is required. Because the issue is local-only, enterprise risk is highest where untrusted local users or code can run on affected systems. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impact. - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity by CVSS, but lower exposure risk than network-reachable issues because exploitation requires local access. Risk is more relevant on shared or multi-user Windows systems. - Patch status: available Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025