CVE-2026-50375
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Description
Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-50375 is a Windows DirectX bug that lets a local attacker with low privileges crash or gain higher system privileges; most small businesses only need to worry if someone can get local access to a workstation or server.
CVE-2026-50375 is a heap-based buffer overflow in Windows DirectX that can be exploited for local privilege elevation by an attacker who already has low-privilege access; it requires no user interaction.
What to do now
- Check whether your business runs an affected Windows version (Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, Windows Server 2025).
- Compare your current OS build number against the fixed versions listed by Microsoft for CVE-2026-50375.
- Install the Microsoft update that fixes CVE-2026-50375 as soon as possible (see the exact fixed build numbers below).
- If you can’t patch immediately, reduce risk by preventing untrusted users from getting low-privilege local access to affected machines and keeping endpoints locked down.
CVSS Vector Breakdown
AV:LAttack VectorAC:HAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:NConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-50375 and every CVE in our database. Create a free account — no credit card required.
Create Free Account