CVE-2026-50511
HIGH
CVSS 7.8
No EPSS data
Description
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVSS details
EPSS
This CVE is not currently listed in the EPSS dataset.
Show JSON
{
"cve": {
"id": "CVE-2026-50511",
"cveTags": [],
"metrics": {
"cvssMetricV31": [
{
"type": "Primary",
"source": "secure@microsoft.com",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.8,
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
},
"impactScore": 5.9,
"exploitabilityScore": 1.8
}
]
},
"published": "2026-06-09T18:17:06.520",
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50511",
"tags": [
"Vendor Advisory"
],
"source": "secure@microsoft.com"
}
],
"vulnStatus": "Analyzed",
"weaknesses": [
{
"type": "Primary",
"source": "secure@microsoft.com",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally."
}
],
"lastModified": "2026-06-15T18:23:15.717",
"configurations": [
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:pc_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59D5AA9B-48AC-40F5-83B6-607D79504B47",
"versionEndExcluding": "3.21.6.0"
}
],
"operator": "OR"
}
]
}
],
"sourceIdentifier": "secure@microsoft.com"
}
}