Description
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper access control flaw in Microsoft PC Manager that lets an attacker who already has legitimate local access bypass a built-in security feature. The bypass enables the attacker to perform privileged operations that would normally be restricted, potentially compromising the confidentiality or integrity of sensitive data or system settings. The weakness is classified as CWE-284 (Improper Access Control), indicating a failure to enforce expected permissions.

Affected Systems

The affected product is Microsoft PC Manager. No specific version range is listed, so any installation of the software may be vulnerable until a remediation is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and the threat is local, requiring an authorized user. EPSS data is unavailable, so exploitation likelihood cannot be quantified, and the vulnerability is not currently listed in CISA's KEV catalog. Because the flaw is local and requires authorization, an attacker must already have some local presence, but the impact of bypassing a security feature can be significant. The most realistic attack path involves a malicious local user exploiting the flaw directly through the PC Manager application.

Generated by OpenCVE AI on June 9, 2026 at 21:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for PC Manager as provided in the Microsoft Security Response Center advisory linked above.
  • Limit the number of local accounts with administrative privileges that can use PC Manager, ensuring that only trusted users have access.
  • If a temporary workaround is required, disable or restrict the specific PC Manager feature that is susceptible to the bypass until the patch can be applied.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 11:30:00 +0000

Values Removed: none
Values Added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:15:00 +0000

Values Removed: none
Values Added:
Description: Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Title: Microsoft PC Manager Security Feature Bypass Vulnerability
First Time appeared: Microsoft; Microsoft pc Manager
Weaknesses: CWE-284
CPEs: cpe:2.3:a:microsoft:pc_manager:*:*:*:*:*:*:*:*
Vendors & Products: Microsoft; Microsoft pc Manager
References:
Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T10:22:08.228Z

Reserved: 2026-05-27T23:44:09.622Z

Link: CVE-2026-49161

Vulnrichment

Updated: 2026-06-10T10:22:01.647Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:47.120

Modified: 2026-06-09T19:33:05.157

Link: CVE-2026-49161

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:00:11Z

Weaknesses