CVE-2026-57968 is a Windows Subsystem for Linux (WSL2) kernel buffer over-read vulnerability that can lead to elevation of privilege. It has a CVSS v3.1 base score of 7.8 (High) and temporal score of 6.8, with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity listed as UNPROVEN. Because this is a local vulnerability, enterprise risk is primarily to systems where an attacker already has local access or can run code on the host. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality HIGH, integrity HIGH, availability HIGH - Exploitation likelihood: Not stated as “Exploitation More Likely”; vector context is LOCAL with LOW attack complexity, LOW privileges required, and no user interaction - Severity for enterprise: High severity by CVSS, but real-world exposure is lower than a network-facing issue because exploitation requires local access on the affected system - Patch status: available; customer action required Affected systems: - Not listed in the provided product_tree data