Integer overflow in Windows and Windows Server - CVE-2026-50298

 

Integer overflow in Windows and Windows Server - CVE-2026-50298

Published: July 17, 2026


Vulnerability identifier: #VU137984
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-50298
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an attacker with physical access to escalate privileges.

The vulnerability exists due to integer overflow or wraparound in Windows Spaceport.sys when processing crafted input through physical access to the system. An attacker with physical access can trigger the flaw to escalate privileges.

Successful exploitation could allow the attacker to obtain SYSTEM privileges.


How to mitigate CVE-2026-50298

Install security update from vendor's website.

Sources