CVE-2026-50488 is a Windows Clipboard User Service Elevation of Privilege vulnerability caused by improper neutralization of special elements used in a command. It affects Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. Microsoft rates it High with a CVSS v3.1 base score of 7.8 and a temporal score of 6.8. The attack vector is LOCAL, with LOW attack complexity, LOW privileges required, and no user interaction. Microsoft reports no public disclosure and no exploitation, with exploit code maturity UNPROVEN. For enterprise environments, this is a local privilege escalation issue rather than a remotely reachable service issue, so risk is higher where untrusted local users or code can run on affected systems. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity, but enterprise exposure is limited by the local attack vector. Risk is most relevant on systems where attackers may already have local access or can execute code on the host. - Patch status: available Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows Server 2025