CVE-2026-50677 is a Windows Media Elevation of Privilege vulnerability caused by a use-after-free issue. It has a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8, with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN; exploitation likelihood is rated “Exploitation Unlikely.” If successfully exploited, an attacker could gain SYSTEM privileges. Because this is a local vulnerability, enterprise risk is lower than for network-reachable issues, but it remains relevant where untrusted local code or users can run on affected systems. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Unlikely; LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but lower enterprise exposure than network-based vulnerabilities because exploitation requires local access. - Patch status: available; customer action required. Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - unspecified