CVE-2026-50444 is a Windows Server Update Service (WSUS) Elevation of Privilege vulnerability caused by a missing authentication control for a critical function. Microsoft rates it High severity with a CVSS v3.1 base score of 8.8 and temporal score of 7.7. The attack vector is NETWORK, attack complexity is LOW, privileges required are LOW, and user interaction is NONE. The impact is high across confidentiality, integrity, and availability. Microsoft says it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. Because it affects WSUS and can be reached over the network with low attacker requirements, it is relevant for enterprise environments where WSUS is exposed or broadly reachable. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; network vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, with higher concern for network-reachable WSUS deployments because the vulnerability is remotely accessible and does not require user interaction. - Patch status: available Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025