CVE-2026-50676 is a Windows Media Elevation of Privilege vulnerability caused by a race condition, affecting Windows 11 24H2, 25H2, 26H1, and unspecified versions. Microsoft rates it CVSS v3.1 7.8 High with a temporal score of 6.8; the vector is local, low attack complexity, low privileges required, and no user interaction. If successfully exploited, an attacker could gain SYSTEM privileges. Microsoft says there is no public disclosure or known exploitation, exploit code maturity is unproven, and exploitation is considered unlikely. Because it is local-only, this is more relevant to systems where untrusted local code or users can run than to network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH; successful exploitation could grant SYSTEM privileges. - Exploitation likelihood: Exploitation Unlikely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High on affected endpoints and shared Windows systems, but lower risk for internet-facing exposure because the attack is LOCAL rather than network-based. - Patch status: available; customer action required. Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified