Relative Path Traversal in Windows and Windows Server - CVE-2026-50426
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote privileged user to execute code.
The vulnerability exists due to relative path traversal in DNS Server when processing crafted path input over an adjacent network. A remote privileged user can supply a crafted relative path to execute code.
Exploitation is limited to systems on the same network segment, such as the same network switch or virtual network.