CVE-2026-50689 is a Windows Clipboard Server use-after-free elevation of privilege vulnerability. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is LOCAL, attack complexity is LOW, privileges required are LOW, and user interaction is NONE. If successfully exploited, an attacker could gain SYSTEM privileges. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity marked UNPROVEN. Enterprise risk is primarily for systems where a local attacker can obtain execution, since this is not a network-reachable issue. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH; successful exploitation could gain SYSTEM privileges. - Exploitation likelihood: Not stated as “Exploitation More Likely”; source data shows no exploitation reported, with a LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity due to SYSTEM-level elevation potential, but lower exposure than remote vulnerabilities because exploitation requires local access. Risk is more relevant on systems that allow untrusted local code or users. - Patch status: available; customer action required Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025