CVE-2026-50683 - Windows DHCP Client Elevation of Privilege Vulnerability - is a heap-based buffer overflow in the Windows DHCP Client that can lead to elevation of privilege to SYSTEM. Microsoft rates it at CVSS v3.1 base score 8.0 (High) with a temporal score of 7.0; the vector is ADJACENT_NETWORK, LOW attack complexity, LOW privileges required, and NO user interaction. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. This is a high-severity enterprise issue because successful exploitation can elevate privileges on affected Windows systems, though the adjacent-network requirement reduces exposure compared with a network-reachable remote vector. Highlights: - CVSS scores: Base 8.0 - Temporal 7.0 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH if exploited. Microsoft says an attacker could gain SYSTEM privileges. - Exploitation likelihood: Exploitation Unlikely; adjacent-network attack vector with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity, with higher risk on systems in reachable local or adjacent network segments; lower risk than internet-facing network services because the attack is not network-wide remote. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025