CVE-2026-50466 is a Microsoft Brokering File System elevation of privilege vulnerability caused by a use-after-free issue. Microsoft rates it CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is local, attack complexity is low, privileges required are low, and user interaction is none. If exploited, confidentiality, integrity, and availability are all impacted at high levels. Microsoft lists the exploit status as not publicly disclosed, not exploited, and exploitation unlikely. For enterprise environments, the main risk is from local attacker access on affected Windows systems rather than network exposure. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts - Exploitation likelihood: Exploitation Unlikely; local vector with LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High severity, but lower exposure risk than network-based issues because exploitation is local-only; most relevant where untrusted local code or users are present - Patch status: available; customer action required Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025