CVE-2026-50679 - Windows Search Service Elevation of Privilege Vulnerability - is a heap-based buffer overflow in Windows Search Service that can be exploited locally to elevate privileges. Microsoft rates it as CVSS v3.1 7.8 High with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction, with HIGH impacts to confidentiality, integrity, and availability. Microsoft states exploitation is not publicly disclosed and not known to be exploited, with exploit code maturity UNPROVEN. The issue is relevant to enterprise environments because successful exploitation could elevate a medium-integrity attacker to high integrity or SYSTEM, but the local-only vector reduces exposure compared with network-reachable flaws. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; attacker could gain SYSTEM privileges. Confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity technically, but enterprise risk is lower for network-exposed systems because the attack is local-only. Risk is higher on systems where untrusted local code or users can run. - Patch status: available; customer action is required. Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025