CVE-2026-50295: Windows Zero Trust DNS Security Feature Bypass Vulnerability

Overview

Severity
Medium (CVSS 5.5)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Category
Security Feature Bypass
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Zero Trust DNS (ZTDNS) policy enforcement.

Affected Products (8)

Windows

  • Windows Server 2025 (Server Core installation)
  • Windows 11 Version 25H2 for ARM64-based Systems
  • Windows 11 Version 25H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2025
  • Windows 11 version 26H1 for x64-based Systems
  • Windows 11 Version 26H1 for ARM64-based Systems

Security Updates (4)

Acknowledgments

ChenJian with Sea Security Orca Team

Revision History

  • 2026-07-14: Information published.