CVE-2026-50439 is a Microsoft Message Queuing Queue Manager remote code execution vulnerability caused by a use-after-free issue. Microsoft rates it at CVSS v3.1 base 8.1 and temporal 7.1, with a NETWORK attack vector, HIGH attack complexity, no privileges required, and no user interaction. If exploited, it can impact confidentiality, integrity, and availability at HIGH levels. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. Because it is network-reachable and requires no user interaction, it is relevant for enterprise environments that expose affected Message Queuing services. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; NETWORK vector, no privileges required, and no user interaction, but attack complexity is HIGH. - Severity for enterprise: High severity. Network-exposed systems using the affected Message Queuing Queue Manager are higher risk than local-only issues, even though exploitation is not currently reported. - Patch status: available Affected systems: - Windows 10 1607, 1809, 21H2, 22H2 - Windows 11 24H2, 25H2, 26H1, unspecified - Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025