Missing Authentication for Critical Function in Windows and Windows Server - CVE-2026-50451
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to missing authentication for a critical function in Windows Routing and Remote Access Service (RRAS) when invoking a critical function locally. A local user can access the affected functionality to escalate privileges.
Successful exploitation could grant SYSTEM privileges.