CVE-2026-58633 is a Desktop Window Manager elevation of privilege vulnerability caused by a use-after-free condition. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is local, requires low privileges, and needs no user interaction; if exploited, an attacker could elevate privileges to SYSTEM integrity level. Microsoft says it is not publicly disclosed and not exploited, but the exploit likelihood is marked as “Exploitation More Likely.” Because it is local-only, it is more relevant to enterprise systems where attackers can obtain local code execution or low-privilege access. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation More Likely; local attack vector, LOW attack complexity, LOW privileges required, and no user interaction. - Severity for enterprise: High technical severity, but enterprise risk is primarily from systems where an attacker can gain local access; it is not a network-reachable issue. - Patch status: available; customer action required. Affected systems: - Windows 11 26H1, unspecified