CVE-2026-50646 is a .NET Framework remote code execution vulnerability classified as a protection mechanism failure. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local attack, low complexity, no privileges required, and user interaction required, with high confidentiality, integrity, and availability impact. Microsoft reports no public disclosure and no exploitation, with exploit code maturity unproven. Because the attack is local and requires user interaction, enterprise risk is lower than for network-exploitable issues, but it remains relevant for environments where users may run untrusted local code or interact with malicious content. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL, LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High technical severity, but lower exposure than network-based RCE because exploitation requires local access and user interaction rather than remote unauthenticated access. - Patch status: available; customer action required. Affected systems: - Not listed in source data