CVE-2026-57088 is an Extensible Storage Engine (ESENT) Elevation of Privilege vulnerability caused by improper access control. It has a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8. The vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction, with HIGH confidentiality, integrity, and availability impacts. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN and exploitation likelihood assessed as less likely. Because it is a local privilege escalation issue, enterprise risk is highest on systems where untrusted local users or code can run. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but risk is constrained by the local attack vector rather than network exposure. More relevant for systems with local user access, shared hosts, or environments where attacker-controlled code can execute locally. - Patch status: available; customer action required. Affected systems: - Windows 10 1809 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025