CVE-2026-21517
Improper Link Resolution in Windows App for Mac Elevates Privileges
Publication date: 2026-02-10
Last updated on: 2026-02-25
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_app | to 11.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper link resolution before file access, also known as 'link following', in the Windows App for Mac. It allows an authorized attacker to elevate their privileges locally by exploiting how the application resolves links before accessing files.
How can this vulnerability impact me? :
An attacker who is already authorized on the system can exploit this vulnerability to gain higher privileges than they are supposed to have. This can lead to unauthorized access to sensitive data, modification of system files, or disruption of system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know