CVE-2026-50299 gives an unauthenticated attacker a path to code execution in Windows Storage Spaces Direct, but Microsoft’s own scoring makes the crucial limitation clear: exploitation requires physical access to the affected system. Microsoft fixed the flaw in the July 14, 2026 security updates...