Improper Authentication in Windows and Windows Server - CVE-2026-50365
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to improper authentication in Windows RPC API when a user actively connects to the affected server and runs a specific command. A remote attacker can send a specially crafted command over an adjacent network to escalate privileges.
Successful exploitation could result in SYSTEM privileges. User interaction is required to connect to the server and run the command.