Skip to main content

Microsoft PC Manager CVE-2026-58636

| EUVDEUVD-2026-43777 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-07-14 microsoft GHSA-cwx9-j747-4x45
7.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local link-following EoP needs an existing low-privileged account (AV:L, PR:L) and no interaction (UI:N); successful abuse yields SYSTEM, giving full C/I/A impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 17:47 vuln.today
CVE Published
Jul 14, 2026 - 17:05 nvd
HIGH 7.8

DescriptionCVE.org

Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local session
Delivery
Plant malicious junction/symlink in target path
Exploit
PC Manager service follows link during file operation
Execution
Redirect privileged write/delete to protected target
Impact
Escalate to SYSTEM privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to a Windows host with Microsoft PC Manager installed and a low-privileged authenticated account (CVSS PR:L) from which the attacker can create filesystem links (junctions/symlinks) in a path consumed by PC Manager's privileged component; no user interaction is needed (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) describes a local attack requiring existing low-privilege access, no user interaction, and low complexity, yielding full high-impact compromise - a classic and realistic local EoP profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already has an unprivileged interactive session on a Windows machine plants an NTFS junction or symlink in a directory that the privileged PC Manager service processes during a cleanup or maintenance operation. When the service follows the attacker-controlled link, its file create/write/delete is redirected to a protected location, letting the attacker overwrite or delete a privileged file and escalate to SYSTEM. …
Remediation Patch available per vendor advisory: apply the Microsoft-provided update for PC Manager referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58636, and confirm the fixed build against the MSRC guide since an exact fixed version is not enumerated in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit endpoint management systems to identify all installations of Microsoft PC Manager and document the device count and user population affected. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58636 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy