VYPR
High severity · 7.8 · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-50656

Description

A race condition in the Microsoft Malware Protection Engine allows local users to escalate privileges to SYSTEM via a crafted ISO mount.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A race condition exists in the Microsoft Malware Protection Engine (part of Microsoft Defender) during ISO image mounting. The vulnerability, publicly known as "RoguePlanet", affects Windows 11 (Official and Canary channels) and Windows 10 with the June 2026 patch installed. The author notes that all Windows Server versions are likely vulnerable, though the provided proof-of-concept does not work on Server due to ISO mounting restrictions. [1]

Exploitation

An attacker requires local user access and the ability to mount an ISO image. The exploit leverages a race condition that is inherently unreliable; success rates vary by machine, with some achieving 100% and others failing. The PoC does not function on Windows Server because standard users cannot mount ISO images, but the author asserts that a redesigned exploit could overcome this limitation. [1]

Impact

Successful exploitation spawns a SYSTEM shell, granting the attacker full system compromise with the highest privilege level. [1]

Mitigation

Microsoft is actively working on a security update to address this vulnerability. As of the publication date (2026-06-16), no fix is available, and no workarounds have been disclosed. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is generated only when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.