Use-after-free in Windows and Windows Server - CVE-2026-50672
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to use-after-free in Windows NTFS when processing crafted local actions that trigger a race condition. A local user can win a race condition and prepare the target environment to escalate privileges.
Successful exploitation could allow the attacker to gain SYSTEM privileges.