CVE-2026-50512
published 2026-06-09CVE-2026-50512: Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
PriorityP346high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.26%
17.0th percentile
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_pc_manager | >= 1.0.0 < 3.21.6.0 | 3.21.6.0 |
| microsoft | pc_manager | < 3.21.6.0 | 3.21.6.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft PC Manager 3.18.0.0 missing authentication
vuldb·2026-06-16·CVSS 7.8
CVE-2026-50512 [HIGH] Microsoft PC Manager 3.18.0.0 missing authentication
A vulnerability was found in Microsoft PC Manager 3.18.0.0. It has been rated as critical. The affected element is an unknown function. This manipulation causes missing authentication.
The identification of this vulnerability is CVE-2026-50512. The attack can only be executed locally. There is no exploit available.
Upgrading the affected component is advised.
GHSA
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
ghsa_unreviewed·2026-06-09
CVE-2026-50512 [HIGH] CWE-306 Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-09
Published