Description
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft PC Manager contains an improper link resolution flaw that allows an authorized local attacker to elevate privileges before file access. The vulnerability arises from following symbolic or junction links without proper validation, enabling an attacker to gain higher system privileges through local file access assays. The weakness corresponds to CWE-59 and is capable of increasing an attacker’s privilege level on the affected machine.

Affected Systems

The product at risk is Microsoft PC Manager; no specific version information is disclosed. Any installation that has not received the latest official security update may be vulnerable.

Risk and Exploitability

The CVSS score of 7.8 classifies the flaw as high severity, yet the EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting limited evidence of active exploitation. The most likely attack vector requires a local user with the ability to run the application and create or manipulate links, and the impact is confined to the host where the application operates.

Generated by OpenCVE AI on June 9, 2026 at 21:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for PC Manager as released through the Microsoft Security Response Center.
  • If a patch is not yet available, restrict the accounts that can run PC Manager to the minimum required permissions and prevent the creation or modification of symbolic links in the application’s directory through local group policy.
  • Verify that any file paths used by PC Manager are validated to avoid following indirect links, ensuring the application accesses only intended target files.

Generated by OpenCVE AI on June 9, 2026 at 21:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Title Microsoft PC Manager Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft pc Manager
Weaknesses CWE-59
CPEs cpe:2.3:a:microsoft:pc_manager:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft pc Manager
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Pc Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T17:54:44.650Z

Reserved: 2026-06-04T19:00:41.292Z

Link: CVE-2026-50511

cve-icon Vulnrichment

Updated: 2026-06-10T14:24:30.975Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:17:06.520

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-50511

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T01:30:17Z

Weaknesses