Improper access control in Windows and Windows Server - CVE-2026-50350
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper access control in Windows Trusted Runtime Interface Driver when handling requests from a lower integrity caller process. A local user can trigger the driver to disclose the address of a medium integrity process to disclose sensitive information.
The disclosed information is the address of a medium integrity process leaked to a lower integrity caller process.