CVE-2026-50333
Awaiting Analysis Awaiting Analysis - Queue

Missing Authentication in Windows Spaceport.sys Elevates Privileges

Vulnerability report for CVE-2026-50333, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_spaceport *-*

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50333 is a vulnerability in the Windows Spaceport.sys driver. It involves a missing authentication mechanism for a critical function, which allows an attacker who already has some level of access to the system (an authorized attacker) to elevate their privileges locally.

This means the attacker can gain higher-level permissions on the system than they were originally granted, potentially allowing them to perform actions they should not be able to, such as accessing sensitive data or executing malicious code with elevated privileges.

Impact Analysis

If you are affected by this vulnerability, the impact could include:

  • An attacker with local access to your system could elevate their privileges, gaining administrative or system-level control.
  • This could lead to unauthorized access to sensitive data, installation of malware, or disruption of system operations.
  • Since the vulnerability is local, the attacker must already have some form of access to the system, but once exploited, they can bypass security restrictions and escalate their privileges.
Compliance Impact

This vulnerability could impact compliance with standards and regulations in the following ways:

  • GDPR: If the vulnerability leads to unauthorized access to personal data, it could result in a data breach, violating GDPR requirements for data protection and potentially leading to fines or legal action.
  • HIPAA: For organizations handling protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access or disclosure of PHI, violating HIPAA's security and privacy rules.
  • Other standards (e.g., ISO 27001, NIST): The vulnerability represents a failure to implement proper access controls and authentication mechanisms, which are core requirements for maintaining security and compliance under these frameworks.

Organizations should assess their exposure to this vulnerability and apply patches or mitigations to avoid compliance violations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the vulnerability in Windows Spaceport.sys. Detection typically involves checking for the presence of the vulnerable driver version or using security tools to scan for missing authentication in critical functions.

To check the version of Spaceport.sys, you may use the following command in a Windows command prompt or PowerShell:

  • Command: driverquery | findstr Spaceport.sys

For a more detailed inspection, you can use Windows built-in tools like System Information (msinfo32) or third-party vulnerability scanners that support CVE-2026-50333 detection. Refer to Microsoft's official guidance for updated detection methods.

Mitigation Strategies

The provided context does not include specific mitigation steps for CVE-2026-50333. However, general immediate steps to mitigate such vulnerabilities include:

  • Apply the latest security updates from Microsoft as soon as they are available. Check the Microsoft Update Guide for patches related to CVE-2026-50333.
  • Restrict local access to systems to only authorized users, as the vulnerability requires local privileges to exploit.
  • Monitor Microsoft's security advisories for additional guidance or workarounds until a patch is applied.

For the most accurate and up-to-date mitigation steps, refer to the official Microsoft resource linked in the CVE data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50333. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart