CVE-2026-50440 is a Windows Audio Service elevation of privilege vulnerability caused by a race condition / improper synchronization. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is LOCAL, with LOW attack complexity, LOW privileges required, and no user interaction. If exploited, it can affect confidentiality, integrity, and availability at a HIGH level. Microsoft reports no public disclosure, no known exploitation, and exploit code maturity is UNPROVEN; exploitation likelihood is listed as Exploitation Unlikely. Because this is a local privilege escalation issue, enterprise risk is primarily for systems where untrusted local code or users can run. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; LOCAL vector with LOW attack complexity, LOW privileges required, and no user interaction. - Severity for enterprise: High technical severity, but lower risk for internet-facing services because exploitation requires local access. Higher concern for endpoints or shared systems where local code execution or low-privilege local access is plausible. - Patch status: available; customer action required. Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - unspecified