CVE-2026-50512: Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 3.21.6.0
- Affected Products: 1
HarborGuard Analysis
Synopsis
A link-following vulnerability in Microsoft PC Manager allows a local attacker with a standard user account to elevate to a higher privilege level. The flaw is reached locally, requires no network access, and needs only a low-privilege account to trigger. Successful exploitation gives the attacker full read, write, and control over the affected system (CVSS C:H/I:H/A:H). A patched-image rebuild at version 3.21.6.0 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-50512 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle Microsoft PC Manager. Coverage extends to both registry-stored images and images evaluated inline during CI/CD pipeline runs.
HarborGuard is capable of scoring this CVE at its CVSS v3.1 rating of 7.8 (HIGH) and weighting that score against each customer organization's compliance policy to determine urgency. Triage routing to the appropriate team inbox within each customer org is available based on policy-defined ownership rules.
A patched-image rebuild at Microsoft PC Manager version 3.21.6.0 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard is capable of performing the rebuild, running a regression test suite, and opening a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Not required. The attacker needs an existing shell or process on the host; no network access is required to trigger this vulnerability.
- Authentication: Required. Any low-privilege local account is sufficient; the attacker does not need administrative credentials.
- Victim interaction: Not required. No action from another user or victim is needed; the attacker can trigger the flaw entirely on their own.
- Attack complexity: Low (AC:L). The flaw can be triggered reliably, with no race conditions or special environmental factors required.
Blast Radius
- A successful attacker reads sensitive files and data on the host that would otherwise be restricted to higher-privilege accounts.
- A successful attacker writes or replaces files anywhere on the local filesystem, including system binaries and configuration files.
- A successful attacker can crash, halt, or destabilize running services and processes on the affected host.
- Combined read, write, and execution control effectively gives the attacker full local system compromise from a standard user starting point.
How HarborGuard Handles This
Available on HarborGuard: detection of this CVE is matched against images within minutes of publication, including custom images that ship Microsoft PC Manager. Where auto-remediation is enabled, HarborGuard can trigger a patched-image rebuild at version 3.21.6.0, run a regression test, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. For customers who have not opted into auto-remediation, the rebuild capability is still available and can be triggered manually from the HarborGuard dashboard. Where a rebuild is not immediately practical, reducing the blast radius through least-privilege process isolation and restricting which accounts can run Microsoft PC Manager is recommended as a compensating control.
Affected Products
- Microsoft / Microsoft PC Manager: versions from 1.0.0 up to but not including 3.21.6.0
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C