CVE-2026-50460 is a Windows Runtime Elevation of Privilege vulnerability caused by a race condition from concurrent execution using a shared resource with improper synchronization. Microsoft rates it as HIGH severity with a CVSS v3.1 base score of 8.1 and temporal score of 7.1. The vector is network-based with HIGH attack complexity, no privileges required, no user interaction, and unchanged scope. If successfully exploited, an attacker could gain SYSTEM privileges and the confidentiality, integrity, and availability impacts are all HIGH. Microsoft reports no public disclosure and no known exploitation; exploit code maturity is UNPROVEN. Customer action is required, so this is not already mitigated. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are HIGH. Successful exploitation could grant SYSTEM privileges. - Exploitation likelihood: Exploitation Unlikely; network vector, HIGH attack complexity, NO privileges required, and NO user interaction. - Severity for enterprise: High technical severity due to SYSTEM-level impact and network attack vector, but the HIGH complexity and Microsoft’s “Exploitation Unlikely” rating reduce near-term exposure compared with easier remote vulnerabilities. - Patch status: available Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025