Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged attacker to gain elevated rights on the host by abusing a critical function that lacks proper authentication checks. The flaw (CWE-306) is reported by Microsoft itself with a CVSS 7.8 (AV:L/AC:L/PR:L) and no public exploit identified at time of analysis, but a vendor patch is available via MSRC.
Technical ContextAI
Microsoft PC Manager is a Windows utility application that performs system maintenance tasks such as storage cleanup, process management, startup optimization, and security scanning - operations that typically require interaction with privileged components or services running at higher integrity levels. The CPE cpe:2.3:a:microsoft:microsoft_pc_manager:*:*:*:*:*:*:*:* indicates all versions are in scope pending the fixed build. The root cause is CWE-306 (Missing Authentication for Critical Function): a sensitive operation exposed by the application (likely an IPC endpoint, named pipe, COM interface, or privileged service request) does not verify that the caller is authorized to invoke it, so any local user context can reach functionality intended for higher-privileged components.
RemediationAI
Apply the vendor-released update for Microsoft PC Manager referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50512, since Patch available per vendor advisory and the exact fixed build number should be taken from that page rather than inferred. Where immediate patching is not possible, restrict who can log on interactively or via remote desktop to affected hosts to limit which accounts can exercise the local attack vector, and consider uninstalling Microsoft PC Manager on systems that do not actively use it - both controls reduce exposure but the first weakens least-privilege use cases and the second removes a maintenance utility users may rely on. Monitor for anomalous child processes or token manipulation originating from PC Manager service components as a detection compensating control until the fix is deployed.
More in Microsoft Pc Manager
View allLocal privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symb
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user on Windows to gain higher
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typical
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35771
GHSA-c6mx-5853-2f2j