CVE-2026-55001 - Active Directory Domain Services Elevation of Privilege Vulnerability - is an improper certificate validation issue in Active Directory Domain Services that can lead to elevation of privilege. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is LOCAL, attack complexity is LOW, privileges required are LOW, and no user interaction is needed. Microsoft states the issue is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. Because exploitation is local-only, enterprise risk is mainly for systems where attackers can already obtain local access or low-privilege execution. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation Less Likely - LOCAL attack vector, LOW attack complexity, LOW privileges required, and NO user interaction required. - Severity for enterprise: High technical severity, but the local-only vector lowers exposure for internet-facing services; risk is more relevant on internal Windows systems where local access is possible. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025