Path traversal in Windows and Windows Server - CVE-2026-50454
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to elevate privileges.
The vulnerability exists due to relative path traversal in Windows User Interface Core when handling local file paths. A local user can manipulate path input to elevate privileges.
Successful exploitation could allow deletion of arbitrary system files and lead to SYSTEM privileges.