Microsoft
Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers to fully compromise the confidentiality, integrity, and availability of affected systems. It can only be exploited locally, by an unauthenticated attacker who tricks a legitimate user into performing a specific action. Security teams should be prepared to patch when the vendor deadline of April 22, 2026 arrives and should monitor for proof-of-concept exploits in the interim.