CVE-2026-50692 - Desktop Window Manager Elevation of Privilege Vulnerability is a heap-based buffer overflow in Desktop Window Manager that can allow elevation of privilege to SYSTEM. Microsoft rates it CVSS v3.1 8.8/7.7 (HIGH), with LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. Exploitation is not publicly disclosed and not known to be exploited, with exploit code maturity marked UNPROVEN. Because the attack requires local access, enterprise risk is primarily to systems where an attacker can obtain local execution or low-privilege access. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Not stated as “Exploitation More Likely” in the source data; vector context is LOCAL with LOW attack complexity, LOW privileges required, and no user interaction. - Severity for enterprise: High technical severity, but the local-only vector lowers exposure for internet-facing services; higher concern on endpoints, servers, or shared systems where a low-privileged attacker could gain local foothold and elevate to SYSTEM. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025