CVE-2026-58536 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - is a use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver that can lead to elevation of privilege. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, and NO user interaction. Microsoft lists no public disclosure and no known exploitation, with exploit code maturity UNPROVEN, but rates exploitation as more likely. Because the issue is local-only, it is more relevant to systems where an attacker can obtain local execution or low-privilege access than to internet-facing services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation More Likely; the LOCAL vector, LOW attack complexity, LOW privileges required, and NO user interaction are consistent with local abuse rather than network-based exploitation. - Severity for enterprise: High severity by CVSS, but enterprise risk is mainly for endpoints and servers where untrusted local code or low-privilege access is possible; it is not a network-exposed, no-interaction vulnerability. - Patch status: available Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025