Type Confusion in Windows and Windows Server - CVE-2026-50381
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to type confusion in Composite Image File System Driver (cimfs.sys) when accessing a resource using an incompatible type. A local user can trigger the flaw to disclose sensitive information.
The disclosed information is limited to file metadata.