CVE-2026-55014 is a Windows Remote Help vulnerability caused by improper access control that can lead to elevation of privilege. Microsoft rates it CVSS v3.1 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. The impact is high across confidentiality, integrity, and availability. Microsoft says it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. Because it is local-only, it is less relevant to internet-facing service exposure than network-based issues, but it can still be important on systems where untrusted local users or code are present. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impact - Exploitation likelihood: Latest Software Release: Exploitation Less Likely; vector context is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High severity by CVSS, but lower risk for internet-exposed services because the attack vector is local; risk is more relevant on endpoints or shared Windows systems where local execution or low-privilege access is already possible - Patch status: available; customer action required Affected systems: - No products listed in the source data