Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Local EoP by an authenticated low-priv user (AV:L, PR:L) with no interaction; link-following yields SYSTEM-level file control, hence S:C and C/I/A:H.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symbolic/hard link resolution (CWE-59) to gain higher privileges, likely SYSTEM given the CVSS scope change. Rated CVSS 8.8, the flaw carries high confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated local low-privileged session on a Windows host that has Microsoft PC Manager installed (PR:L, AV:L) - the tool is an optional download, so hosts without it are not exposed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H = 8.8) describes a fully local attack requiring low privileges but no user interaction, with low complexity and a scope change indicating impact beyond the vulnerable component - consistent with escalation to SYSTEM. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already obtained a low-privileged foothold on a Windows machine (via phishing, a separate exploit, or an insider account) plants a symbolic link or junction in a directory processed by PC Manager's privileged service, then triggers the relevant cleanup/optimization operation. The privileged process follows the link and writes to or overwrites a protected file, allowing the attacker to escalate to SYSTEM. … |
| Remediation | Patch available per vendor advisory: update Microsoft PC Manager to the fixed release referenced in the MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50438); the exact patched build is not specified in the provided data and should be confirmed there. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all systems running Microsoft PC Manager and prioritize by business criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Microsoft Pc Manager
View allLocal privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user on Windows to gain higher
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged attacker to gain elevated righ
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typical
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44069
GHSA-mx3q-8ph8-rf8h