CVE-2026-50378 - Windows Key Guard Elevation of Privilege Vulnerability - is a race condition in Windows Key Guard that can allow elevation of privilege to SYSTEM. Microsoft rates it CVSS v3.1 base 7.8 and temporal 6.8, with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and NO user interaction. The impact is high for confidentiality, integrity, and availability. Microsoft says it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. Because the attack requires local access, enterprise risk is mainly to systems where an attacker can already run code or obtain local access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Not stated as "Exploitation More Likely"; vector context is LOCAL with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity, but lower exposure than network-reachable issues because exploitation is local only; higher concern on endpoints or servers where untrusted local access is possible. - Patch status: available Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025