PULSE
LIVE21signals / 24h
FEED
ransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomqilin reclama a KLD Labs · US · Technologyransomqilin reclama a Armara · FR · Not Foundransomqilin reclama a AK Preparedness · Business Servicesransomthreeam reclama a tws-tac.net · DE · Not Foundransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomqilin reclama a KLD Labs · US · Technologyransomqilin reclama a Armara · FR · Not Foundransomqilin reclama a AK Preparedness · Business Servicesransomthreeam reclama a tws-tac.net · DE · Not Foundransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Services
← All CVEs
CVE WatchJul 16, 2026

CVE-2026-50333

Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.

CVSS

7.8

High

EPSS

0.2%

p12

KEV

Exploit Today

4

0-100

Published: Jul 14, 2026 · Last modified: Jul 16, 2026 · CWE-306

EPSS · 30d
0.2%EPSS · 30 days0.2%
2026-07-152026-07-17
Technical description

Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI
100.0%
KEV80Langflow Missing Authentication Vulnerability4d
CVE-2024-116809.8 CRI
99.8%
KEV80ProjectSend Improper Authentication Vulnerability4d
CVE-2026-561645.3 MED
92.0%
KEV78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability4d
CVE-2026-468179.8 CRI
60.3%
KEV68Oracle E-Business Suite Improper Privilege Management Vulnerability2d
CVE-2022-245629.8 CRI
98.9%
30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.9d
CVE-2026-411769.8 CRI
98.2%
29Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.3d