CVE-2026-57087 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability - is a heap-based buffer overflow in Windows Media Foundation that can lead to remote code execution. Microsoft rates it CVSS v3.1 base 8.8 (High) with a temporal score of 7.7; the vector is NETWORK, LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. The issue is publicly disclosed as No, exploited as No, and exploit code maturity is UNPROVEN. The vulnerability is phishing-related in the sense that an attacker may convince a user to open a specially crafted media file, which makes enterprise risk higher for environments where users handle untrusted media content. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, HIGH integrity, and HIGH availability impact. - Exploitation likelihood: Exploitation Less Likely; network attack vector and low complexity increase feasibility, but USER INTERACTION REQUIRED reduces real-world exposure compared with fully unattended remote exploits. - Severity for enterprise: High severity, especially for organizations where users can be induced to open external media files; lower risk than a no-interaction network service exploit, but still significant because successful exploitation could give code execution on affected systems. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025