CVE-2026-50351
Awaiting Analysis Awaiting Analysis - Queue

Improper Access Control in Windows Audio Compression Manager

Vulnerability report for CVE-2026-50351, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_audio_compression_manager *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50351 is a vulnerability in the Windows Audio Compression Manager (ACM). It involves improper access control, which means the system does not properly restrict access to certain functions or resources within the ACM component.

An authorized attacker with low privileges (local access) can exploit this flaw to elevate their privileges on the affected system. This could allow them to gain higher-level permissions, such as administrative rights, which they would not normally have.

Impact Analysis

If you are using a system with the Windows Audio Compression Manager (ACM) affected by this vulnerability, the impact could be significant.

  • An attacker with local access to your system could exploit this vulnerability to elevate their privileges.
  • Once privileges are elevated, the attacker could perform actions such as installing malicious software, accessing or modifying sensitive data, or creating new user accounts with full administrative rights.
  • This could lead to a complete compromise of the affected system, potentially allowing the attacker to maintain persistent access or move laterally within a network.
Compliance Impact

This vulnerability could have implications for compliance with various standards and regulations, depending on the context in which the affected system is used.

  • GDPR: If the affected system processes or stores personal data of EU citizens, a successful exploit could lead to unauthorized access or modification of this data. This may result in a data breach, which would require notification under GDPR and could lead to fines or other penalties.
  • HIPAA: For organizations handling protected health information (PHI) in the U.S., this vulnerability could result in unauthorized access to PHI. A breach of PHI would require notification and could lead to penalties under HIPAA regulations.
  • Other standards: Compliance frameworks like ISO 27001, NIST, or PCI DSS require organizations to maintain the confidentiality, integrity, and availability of systems and data. A privilege escalation vulnerability like this could undermine these requirements, leading to non-compliance and potential audit failures.
Detection Guidance

The provided context does not include specific detection methods or commands for identifying the vulnerability (CVE-2026-50351) on a network or system. Detection typically involves checking for the presence of vulnerable versions of the Windows Audio Compression Manager (ACM) or verifying if the system has applied the necessary security updates.

To check for updates or patches, you may refer to Microsoft's official update guide for this CVE. However, no direct commands or tools are mentioned in the provided resources.

Mitigation Strategies

To mitigate CVE-2026-50351, apply the security update provided by Microsoft as soon as possible. The update addresses the improper access control issue in the Windows Audio Compression Manager (ACM).

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-50351 to download and install the patch.
  • Ensure all systems running affected versions of Windows are updated to the latest secure version.
  • Restrict local access to systems to minimize the risk of exploitation by an authorized attacker.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50351. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart