Deserialization of Untrusted Data in Windows and Windows Server - CVE-2026-50509
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to deserialization of untrusted data in Windows Wireless Wide Area Network Service when processing serialized data. A local user can supply crafted serialized data to escalate privileges.
Successful exploitation could allow the attacker to gain SYSTEM privileges.