CVE-2026-54121 is an Active Directory Certificate Services improper authorization vulnerability that can lead to elevation of privilege. Microsoft rates it at CVSS v3.1 base 8.8 (High) with a temporal score of 7.7; the vector is network-based, low attack complexity, requires low privileges, and no user interaction (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Microsoft says it is not publicly disclosed and not exploited, with exploit code maturity unproven. In enterprise environments, the network-exposed nature and lack of user interaction increase risk, especially where Active Directory Certificate Services is present and reachable by authenticated users. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; despite the network vector and no user interaction, exploitation requires low privileges - Severity for enterprise: High severity and relevant to enterprise AD environments, particularly where authenticated users can reach Active Directory Certificate Services - Patch status: available Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025