Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user on Windows to gain higher privileges by abusing symbolic link or junction resolution before file access. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the high CVSS (7.8) reflects full confidentiality, integrity, and availability impact once exploited. Microsoft has issued a fix through its Security Response Center advisory.
Technical ContextAI
Microsoft PC Manager is a Windows utility that performs system optimization tasks such as cleanup, health checks, and storage management - operations that typically run with elevated SYSTEM-level privileges. The root cause is CWE-59 (Improper Link Resolution Before File Access, or 'link following'), a class of bug where a privileged process opens or writes to a file path without first verifying that the path is not a symbolic link, junction, or hard link controlled by a lower-privileged user. The affected CPE is cpe:2.3:a:microsoft:microsoft_pc_manager:*:*:*:*:*:*:*:* covering all versions prior to the patched release referenced in the MSRC advisory. By planting a link inside a directory that PC Manager touches, a standard user can redirect a privileged file operation to a target the attacker would not normally be able to modify.
RemediationAI
Patch available per vendor advisory: update Microsoft PC Manager to the fixed build identified in the MSRC Security Update Guide entry at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50511; PC Manager normally self-updates, but on managed fleets verify the deployed version after the update window. As a compensating control until the patch is rolled out, uninstall Microsoft PC Manager on multi-user or shared-access systems where a low-privileged foothold is realistic (RDP/VDI hosts, kiosks, lab machines) - the side effect is loss of the optimization/cleanup UI, which is non-essential. On single-user endpoints, restrict who can log on interactively and audit creation of symbolic links and junctions by non-admin users (the SeCreateSymbolicLinkPrivilege is normally admin-only, but junctions/hardlinks do not require it and remain the more likely abuse path).
More in Microsoft Pc Manager
View allLocal privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symb
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged attacker to gain elevated righ
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typical
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35772
GHSA-5grc-66qq-8mgg