CVE-2026-50458 is a Microsoft Brokering File System elevation of privilege vulnerability caused by a use-after-free issue. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local-only (AV:L), requires low privileges (PR:L), and no user interaction (UI:N). If exploited, it can lead to high confidentiality, integrity, and availability impact. Microsoft reports no public disclosure and no known exploitation; exploit code maturity is unproven. For enterprise environments, the local attack vector lowers exposure relative to network-reachable flaws, but the impact remains significant on systems where attackers can obtain local access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH - Exploitation likelihood: Not stated as "Exploitation More Likely"; vector context is LOCAL with LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High technical severity, but lower enterprise exposure than remote/network-based vulnerabilities because exploitation requires local access - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025