CVE-2026-50518 is a Windows DHCP Server remote code execution vulnerability caused by a heap-based buffer overflow. Microsoft rates it Critical with a CVSS v3.1 base score of 9.8 and temporal score of 8.5. The vector is network-based, requires no privileges and no user interaction, and has high confidentiality, integrity, and availability impact. Microsoft says exploitation is not publicly disclosed and not known to be exploited, but it is rated “Exploitation More Likely,” making this a significant risk for enterprise systems running the affected DHCP Server component, especially network-exposed servers. Highlights: - CVSS scores: Base 9.8 - Temporal 8.5 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation More Likely; the network vector, LOW attack complexity, NO privileges required, and NO user interaction increase remote exploitability. - Severity for enterprise: Critical. Network-reachable DHCP Server instances are high risk because the attack can be attempted remotely without authentication or user interaction. - Patch status: available; customer action required. Affected systems: - Windows 10 1607, 1809 - Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025