CVE-2026-50429 is a Windows Kernel information disclosure vulnerability caused by an out-of-bounds read. Microsoft says an attacker could read the contents of kernel memory from a user-mode process. The CVSS v3.1 base score is 8.2 (High), with a temporal score of 7.1. The vector is NETWORK, LOW attack complexity, NO privileges required, and NO user interaction. Microsoft lists no public disclosure and no known exploitation, with exploit code maturity marked UNPROVEN. For enterprise environments, the network attack vector and lack of authentication or user interaction make it relevant to exposed Windows systems, but the impact described is information disclosure rather than code execution. Highlights: - CVSS scores: Base 8.2 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Information Disclosure; confidentiality impact HIGH, integrity impact NONE, availability impact LOW. - Exploitation likelihood: Exploitation Less Likely; vector is NETWORK with LOW attack complexity, NO privileges required, and NO user interaction. - Severity for enterprise: High technical severity due to network reachability and no interaction required, with kernel memory disclosure on affected Windows systems; enterprise risk is higher for exposed systems, but there is no evidence of active exploitation in the source data. - Patch status: available Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025