Skip to main content

Microsoft PC Manager CVE-2026-50438

| EUVDEUVD-2026-44069 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-07-14 microsoft GHSA-mx3q-8ph8-rf8h
8.8
CVSS 3.1 · Vendor: microsoft
Temporal: 7.7
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CIRCL (temporal)
7.7 HIGH
cvss
vuln.today AI
8.8 HIGH

Local EoP by an authenticated low-priv user (AV:L, PR:L) with no interaction; link-following yields SYSTEM-level file control, hence S:C and C/I/A:H.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 20:26 vuln.today
CVE Published
Jul 14, 2026 - 17:07 nvd
HIGH 8.8

DescriptionCVE.org

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-priv session
Delivery
Plant symlink/junction in monitored path
Exploit
Trigger PC Manager privileged operation
Execution
Link followed to protected file
Persist
Arbitrary write as SYSTEM
Impact
Escalate to SYSTEM privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated local low-privileged session on a Windows host that has Microsoft PC Manager installed (PR:L, AV:L) - the tool is an optional download, so hosts without it are not exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H = 8.8) describes a fully local attack requiring low privileges but no user interaction, with low complexity and a scope change indicating impact beyond the vulnerable component - consistent with escalation to SYSTEM. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already obtained a low-privileged foothold on a Windows machine (via phishing, a separate exploit, or an insider account) plants a symbolic link or junction in a directory processed by PC Manager's privileged service, then triggers the relevant cleanup/optimization operation. The privileged process follows the link and writes to or overwrites a protected file, allowing the attacker to escalate to SYSTEM. …
Remediation Patch available per vendor advisory: update Microsoft PC Manager to the fixed release referenced in the MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50438); the exact patched build is not specified in the provided data and should be confirmed there. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all systems running Microsoft PC Manager and prioritize by business criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-50438 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy