CVE-2026-50387
Windows GDI Elevation of Privilege Vulnerability
Description
Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-50387 is a Windows/Office-related flaw that can let a local attacker run code with higher privileges; you should worry if someone with local access can reach your devices, because it can lead to full system control.
CVE-2026-50387 is a stack-based buffer overflow in Windows GDI that can allow an authenticated/authorized local attacker to elevate privileges and execute arbitrary code with elevated rights on vulnerable Windows systems and affected Office clients.
What to do now
- Check whether you run Microsoft Windows (Windows 10/11 and Windows Server 2012/2012 R2/2016/2019) with updates applied.
- For Microsoft Office 365 for Mac and Microsoft Office LTSC for Mac 2021/2024, confirm you are on 16.111.26071215.
- For Microsoft Office for Android, confirm you are on 16.0.20228.20042.
- For Windows 10, upgrade to one of the fixed builds: 10.0.14393.9339, 10.0.17763.9020, 10.0.19044.7548, or 10.0.19045.7548 (use the one that matches your Windows 10 version).
- For Windows 11, upgrade to one of the fixed builds: 10.0.26100.8875, 10.0.26200.8875, or 10.0.28000.2269 (use the one that matches your Windows 11 version).
- For Windows Server 2012, upgrade to 6.2.9200.26226.
- Apply the vendor update from the Microsoft Security Response Center guidance for CVE-2026-50387, then re-check that the affected versions are fully updated.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-50387 and every CVE in our database. Create a free account — no credit card required.
Create Free Account