CVE-2026-50508

MEDIUM6.5JSON export Create alert

Description

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.9234
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22631.7219
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.26132
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.23228
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.23228
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.26132
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.9234
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.9234
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.5256
Microsoft / Windows Server version 200410.0.0 – 10.0.19045.7417

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508