CVE-2026-50425 is a Windows Internal System User Profile elevation of privilege vulnerability caused by a use-after-free issue. Microsoft rates it as CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is LOCAL, attack complexity is LOW, privileges required are LOW, and no user interaction is needed. If exploited, it can impact confidentiality, integrity, and availability at HIGH levels. Microsoft lists public disclosure as No, exploitation as No, and exploit code maturity as UNPROVEN. This is an enterprise-relevant local privilege escalation issue rather than a network-facing threat. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; local vector with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity if an attacker already has local access, but lower risk than network-exposed issues because the vector is LOCAL and does not require user interaction. - Patch status: available Affected systems: - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025