CVE-2026-58532 is a Windows Kernel elevation of privilege vulnerability caused by an integer overflow or wraparound condition. Microsoft rates it at CVSS v3.1 base 7.8, temporal 6.8, with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. If successfully exploited, an attacker could gain SYSTEM privileges, with HIGH confidentiality, integrity, and availability impact. Microsoft reports no public disclosure and no exploitation, with exploit code maturity UNPROVEN. Because it is local-only, enterprise risk is mainly to systems where an attacker already has local access or can run code on the host. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; CIA impacts are HIGH / HIGH / HIGH; successful exploitation can yield SYSTEM privileges - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL, LOW attack complexity, LOW privileges required, and no user interaction - Severity for enterprise: High technical severity, but lower exposure than network-reachable flaws because exploitation requires local access on the target system - Patch status: available; customer action required Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025