CVE-2026-50680 – Windows Hyper-V Elevation of Privilege Vulnerability
“When an attacker reaches SYSTEM privileges, a single compromised account can become complete control of the host.”
A heap-based buffer overflow vulnerability in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Successful exploitation can enable an attacker with high privileges to gain SYSTEM privileges, providing complete control over the affected operating system. The vulnerability affects Hyper-V hosts and could significantly impact the confidentiality, integrity, and availability of business-critical workloads.
CVSS Score: 8.2
SEVERITY: Critical
THREAT:
This vulnerability affects Windows Hyper-V and can be exploited by an attacker who already has high privileges on the affected system. By exploiting the heap-based buffer overflow, the attacker can elevate privileges to SYSTEM, enabling unrestricted access to the operating system and potentially compromising hosted virtual machines and sensitive enterprise resources.
EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Windows Hyper-V. Improper handling of memory can allow an attacker to corrupt memory and execute code in a more privileged context. According to Microsoft’s advisory, a successful exploit could elevate an attacker to SYSTEM privileges. The CVSS v3.1 metrics identify a local attack vector, low attack complexity, high privileges required, no user interaction, and a changed scope, indicating that exploitation can impact resources beyond the initially compromised security boundary.
EXPLOITABILITY:
Affected products include Windows 10 versions 1809, 21H2, and 22H2, Windows 11 versions 24H2, 25H2, and 26H1, and Windows Server 2019, 2022, and 2025, including affected Server Core installations. Exploitation requires local access with high privileges but no user interaction.
BUSINESS IMPACT:
Compromising a Hyper-V host can have far-reaching consequences because multiple virtual machines and business services may rely on the same platform. Gaining SYSTEM privileges could allow an attacker to disable security controls, manipulate hosted workloads, access sensitive information, interrupt critical services, and establish persistent access within the environment.
WORKAROUND:
No mitigations or workarounds are available.
URGENCY:
This vulnerability should be prioritized because it is rated Critical with a CVSS v3.1 Base Score of 8.2. Although exploitation requires high privileges, successful exploitation grants SYSTEM privileges on Hyper-V hosts, making it a significant risk for virtualized enterprise environments.
Key Details
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-122