CVE-2026-58608 is a Windows Print Spooler remote code execution vulnerability caused by a race condition / concurrent execution issue with improper synchronization. Microsoft rates it as CVSS v3.1 base 8.8 (High) with a temporal score of 7.7. The attack vector is NETWORK, attack complexity is LOW, privileges required are LOW, and user interaction is NONE, with HIGH impacts to confidentiality, integrity, and availability. Microsoft states it has not been publicly disclosed and has not been exploited, with exploit code maturity UNPROVEN. For enterprise environments, the network-reachable nature and lack of user interaction increase risk, particularly where the Print Spooler service is enabled on reachable systems. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; despite the NETWORK vector and NONE user interaction, Microsoft does not currently rate it as more likely. - Severity for enterprise: High severity. The combination of remote attack vector, LOW attack complexity, LOW privileges required, and no user interaction makes this relevant for network-exposed Windows systems, especially those running the Print Spooler service. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025