Description
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorized attacker who can access Microsoft PC Manager can exploit a flaw in the application's link resolution before accessing files, known as "link following", to elevate privileges locally. This vulnerability allows the attacker to bypass normal security checks and gain higher level permissions, constituting a local privilege escalation. The weakness is a lack of proper authentication checks for privileged operations, as identified by CWE‑306.

Affected Systems

Microsoft PC Manager is the affected product. Specific affected version information is not listed in the advisory, so all installations at risk should be considered vulnerable until a patch is applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.8, indicating high severity. No EPSS score is provided, and it is not included in the CISA KEV catalog, suggesting limited publicly known exploitation. The attack vector is local; an attacker with authorized access to PC Manager can exploit the improper link resolution before file access to elevate privileges. The risk remains significant for systems that have not applied a fix.

Generated by OpenCVE AI on June 9, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Microsoft security update catalog for an available patch for PC Manager addressing the privilege escalation issue.
  • Apply the latest update or upgrade Microsoft PC Manager to a version that includes the fix.
  • If a patch is not immediately available, restrict or disable the affected privileged function and limit user rights until the issue is resolved.

Generated by OpenCVE AI on June 9, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Title Microsoft PC Manager Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft pc Manager
Weaknesses CWE-306
CPEs cpe:2.3:a:microsoft:pc_manager:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft pc Manager
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Pc Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:51:09.637Z

Reserved: 2026-06-04T19:00:41.292Z

Link: CVE-2026-50512

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:17:09.747

Modified: 2026-06-09T23:17:03.150

Link: CVE-2026-50512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T02:30:05Z

Weaknesses