CVE-2026-50454 - Windows User Interface Core Elevation of Privilege Vulnerability - is a relative path traversal issue that can lead to elevation of privilege on affected Windows systems. Microsoft lists the impact as Elevation of Privilege, with CVSS v3.1 base score 7.8 (High) and temporal score 6.8. The vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction, with HIGH confidentiality, integrity, and availability impacts. Microsoft says it is not publicly disclosed, not exploited, and exploitation is rated more likely. Because the attack is local rather than network-based, the main enterprise risk is on systems where attackers can obtain local access or low-privilege execution. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts; Microsoft says a successful attacker could gain SYSTEM privileges, and the FAQ also notes the ability to delete any system files - Exploitation likelihood: Exploitation More Likely; vector context is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High severity. The local-only vector reduces risk to internet-exposed services, but systems with untrusted local users, shared sessions, or malware footholds are at higher risk - Patch status: available; customer action required Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025