CVE-2026-58537 is a Microsoft NAT Helper Components (ipnathlp.dll) elevation of privilege vulnerability caused by a use-after-free issue. It affects Windows 11 24H2, 25H2, 26H1, unspecified, and Windows Server 2025. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is LOCAL, with LOW attack complexity, LOW privileges required, and no user interaction. Microsoft indicates the issue is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN; exploitation likelihood is listed as less likely. If successfully exploited, an attacker could gain SYSTEM privileges. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH; attacker could gain SYSTEM privileges. - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but enterprise exposure is limited by the local-only attack vector; risk is more relevant on systems where untrusted local code or users can run. - Patch status: available; customer action is required. Affected systems: - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2025