Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local link-following EoP needs an existing low-privileged account (AV:L, PR:L) and no interaction (UI:N); successful abuse yields SYSTEM, giving full C/I/A impact.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to a Windows host with Microsoft PC Manager installed and a low-privileged authenticated account (CVSS PR:L) from which the attacker can create filesystem links (junctions/symlinks) in a path consumed by PC Manager's privileged component; no user interaction is needed (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) describes a local attack requiring existing low-privilege access, no user interaction, and low complexity, yielding full high-impact compromise - a classic and realistic local EoP profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already has an unprivileged interactive session on a Windows machine plants an NTFS junction or symlink in a directory that the privileged PC Manager service processes during a cleanup or maintenance operation. When the service follows the attacker-controlled link, its file create/write/delete is redirected to a protected location, letting the attacker overwrite or delete a privileged file and escalate to SYSTEM. … |
| Remediation | Patch available per vendor advisory: apply the Microsoft-provided update for PC Manager referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58636, and confirm the fixed build against the MSRC guide since an exact fixed version is not enumerated in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit endpoint management systems to identify all installations of Microsoft PC Manager and document the device count and user population affected. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Microsoft Pc Manager
View allLocal privilege escalation in Microsoft PC Manager lets an already-authenticated low-privileged user abuse improper symb
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user on Windows to gain higher
Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged attacker to gain elevated righ
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43777
GHSA-cwx9-j747-4x45