CVE-2026-21517

CWE-594 documents4 sources
Severity
7.0HIGH
EPSS
0.0%
top 90.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows APP FOR MACMicrosoft Windows APP
Timeline
PublishedFeb 10

Description

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/windows_app< 11.3.2
CVEListV5microsoft/windows_app_for_mac11.0.011.3.2

🔴Vulnerability Details

2
GHSA
GHSA-px7f-389h-299v: Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally2026-02-10
CVEList
Windows App for Mac Installer Elevation of Privilege Vulnerability2026-02-10

📋Vendor Advisories

1
Microsoft
Windows App for Mac Installer Elevation of Privilege Vulnerability2026-02-10
CVE-2026-21517 (HIGH CVSS 7) | Improper link resolution before fil | cvebase.io