CVE-2026-49161: Microsoft PC Manager Security Feature Bypass Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Metrics
- CVSS v3.1 base score: 7.8
- Severity: HIGH
- Fixed in: 3.21.6.0
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a security feature bypass caused by improper access control in Microsoft PC Manager. It is exploited locally by an attacker who already holds a low-privilege account on the affected machine (AV:L, PR:L) and requires no interaction from another user (UI:N). Successful exploitation has high confidentiality, integrity and availability impact (C:H/I:H/A:H) with scope unchanged (S:U): read access to sensitive data, modification of files or state, and disruption of the application. A patched-image rebuild at version 3.21.6.0 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built images that bundle Microsoft PC Manager. Any image carrying a version below 3.21.6.0 is flagged automatically.
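The matching rule above is a version-range check: flag the package when its version is at or above the version the advisory lists as the start of the affected range (1.0.0) and strictly below the fixed version (3.21.6.0). The following is an added example of that check, not HarborGuard's own code; the inventory records and the registry names in it are constructed, and the package is assumed to be identified by the literal name "Microsoft PC Manager". The one thing worth seeing in code is that version strings must be compared numerically per component, because a string comparison would rank "3.9.0.0" above "3.21.6.0" and miss an affected build.

```python
"""Version-range matching for CVE-2026-49161 (added example, not HarborGuard's code).

Assumptions not taken from the advisory: the inventory tuple format and the
registry names below are constructed for illustration, and the package is
identified by the literal name "Microsoft PC Manager". The affected range
(>= 1.0.0, < 3.21.6.0) is the one the advisory lists.
"""
from typing import Dict, List, Tuple

PACKAGE_NAME = "Microsoft PC Manager"
INTRODUCED_VERSION = "1.0.0"   # start of the affected range per the advisory
FIXED_VERSION = "3.21.6.0"     # first unaffected version per the advisory


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "3.21.6.0" into (3, 21, 6, 0).

    Comparing the raw strings is the classic bug: "3.9.0.0" > "3.21.6.0"
    lexicographically, so a string comparison would treat an affected build as
    fixed. Non-numeric components (e.g. "3.21.6-beta") raise ValueError so they
    surface for manual review instead of silently counting as unaffected.
    """
    parts = tuple(int(p) for p in v.strip().split("."))
    if not parts:
        raise ValueError(f"empty version string: {v!r}")
    return parts


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]) -> Tuple[Tuple[int, ...], Tuple[int, ...]]:
    """Right-pad with zeros so "3.21.6" compares equal to "3.21.6.0"."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_lt(a: str, b: str) -> bool:
    """True if version a is numerically lower than version b."""
    pa, pb = _pad(parse_version(a), parse_version(b))
    return pa < pb


def is_affected(version: str) -> bool:
    """Affected iff INTRODUCED_VERSION <= version < FIXED_VERSION."""
    return (not version_lt(version, INTRODUCED_VERSION)) and version_lt(version, FIXED_VERSION)


# Constructed sample inventory: (image, package, version). Not real data.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("registry.example/ops/win-tools:1", PACKAGE_NAME, "3.9.0.0"),    # affected (string compare would miss it)
    ("registry.example/ops/win-tools:2", PACKAGE_NAME, "3.21.6.0"),   # fixed version, not affected
    ("registry.example/ops/win-tools:3", PACKAGE_NAME, "3.21.5.9"),   # affected
    ("registry.example/ops/win-tools:4", PACKAGE_NAME, "3.21.10.0"),  # above fixed, not affected
    ("registry.example/ops/win-tools:5", PACKAGE_NAME, "0.9.0"),      # below the affected range
    ("registry.example/ops/other:1", "SomethingElse", "2.0.0"),       # different package, ignored
]


def flag_images(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the images that bundle an affected Microsoft PC Manager build, in inventory order."""
    flagged: List[str] = []
    for image, package, version in inventory:
        if package != PACKAGE_NAME:
            continue
        if is_affected(version):
            flagged.append(image)
    return flagged


def triage_summary(inventory: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Counts a reviewer would want next to the flagged list."""
    affected = flag_images(inventory)
    scanned = sum(1 for _, package, _ in inventory if package == PACKAGE_NAME)
    return {"scanned": scanned, "affected": len(affected)}


if __name__ == "__main__":
    for img in flag_images(SAMPLE_INVENTORY):
        print("AFFECTED", img)
    print(triage_summary(SAMPLE_INVENTORY))
```

The same range check applies to a host inventory rather than a registry: whatever tool reports the installed Microsoft PC Manager version, feed that string to `is_affected` rather than comparing it as text.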
HarborGuard scores this CVE at 7.8 HIGH from its CVSS v3.1 vector and can weight that score against each customer organization's compliance policy to determine urgency. Triage findings are routed to the appropriate team inbox within each customer environment based on configured ownership rules.
A patched-image rebuild at Microsoft PC Manager version 3.21.6.0 is available on HarborGuard for any environment whose images are confirmed affected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network access to the target is required (AV:L).
- Authentication: Required
  Any low-privilege local account is sufficient (PR:L); the attacker does not need administrative credentials.
- Victim interaction: Not required
  No action from another user is needed (UI:N); the attacker executes the exploit entirely on their own.
- Attack complexity: Low
  The vector rates attack complexity low (AC:L): no race conditions, memory-layout knowledge, or special environmental setup are required. Note that the temporal metric E:U (exploit code maturity: unproven) in the published vector indicates that no working exploit code was known at the time of scoring, so "reliable" describes the expected difficulty of the technique, not an observed public exploit.
Blast Radius
- Reads sensitive files, credentials, or application data accessible on the host.
- Modifies files, configuration, or application state on the affected system.
- Crashes or disrupts the Microsoft PC Manager process and any dependent functionality.
- Bypasses the security controls Microsoft PC Manager enforces, potentially exposing the host to further attack vectors.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-49161 is active across all connected registries and pipelines, flagging any image that includes Microsoft PC Manager below version 3.21.6.0. Where compliance policy permits, a rebuilt image at version 3.21.6.0 becomes available immediately after the vulnerability is matched. For customers who opt into auto-remediation, HarborGuard triggers a full rebuild, executes a regression run against the new image, and opens a pull request against affected workloads; for high-severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. Customers who manage remediation manually will find the patched rebuild flagged and ready in their HarborGuard dashboard alongside the triage details and affected image inventory.
Affected Products
- Microsoft / Microsoft PC Manager: < 3.21.6.0 (from 1.0.0)
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C