Improper access control in Windows and Windows Server - CVE-2026-50297
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper access control in Windows Win32K when handling local access to Win32K functionality. A local user can exploit the access control flaw to escalate privileges.
Successful exploitation could grant SYSTEM privileges. Exploitation requires preparation of the target environment to improve reliability.