CVE Tools

CVE-2026-50423

Windows Kernel Elevation of Privilege Vulnerability

Published: Jul 14, 2026Updated: Jul 15, 2026 Sources: CVE List NVDCWE-284

Description

Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.

In plain language

AI Act now

CVE-2026-50423 is a Windows kernel flaw where a user who already has limited access can gain higher (system-level) privileges; this is serious enough that most small businesses should patch if they run affected Windows versions.

Executive summary

CVE-2026-50423 is a local privilege escalation in the Windows Kernel caused by missing or incorrect kernel access controls, allowing an authorized attacker with low privilege to elevate without any user interaction.

If affected, business impact
Full system compromiseMalware persistenceData theft riskBusiness disruption

What to do now

  1. Check whether your organization runs Windows 10, Windows 11, Windows Server 2022, or Windows Server 2025.
  2. Verify your exact Windows version/build number against the fixed versions below.
  3. Upgrade/patch Windows so it is at or above the fixed version for your specific product:
    • Windows 10: 10.0.19044.7548 or 10.0.19045.7548
    • Windows 11: 10.0.26100.8875 or 10.0.26200.8875 or 10.0.28000.2269
    • Windows Server 2022: 10.0.20348.5386
    • Windows Server 2025: 10.0.26100.33158
  4. If patching is delayed, restrict who can log on to affected machines and reduce local account access (treat any existing low-privilege user as a potential risk source) until fixes are applied.
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:LAC:LPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:LAttack Vector
Local
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

and 4 more affected products View all →

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

References

4

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-50423 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows