CVE-2026-58613 is a Windows Cloud Files Mini Filter Driver use-after-free vulnerability that can lead to elevation of privilege to SYSTEM. Microsoft rates it CVSS v3.1 base 7.8 and temporal 6.8 with a LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction. Microsoft reports no public disclosure and no exploitation, with exploit code maturity UNPROVEN. Because this is a local privilege escalation issue, enterprise risk is highest where attackers already have some local access on affected Windows systems, rather than on network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector, LOW attack complexity, LOW privileges required, and no user interaction. - Severity for enterprise: High technical severity, but constrained by the local attack vector; most relevant for systems where an attacker can already run code or obtain local access. - Patch status: available; customer action required. Affected systems: - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2019 - Windows Server 2022 - Windows Server 2025