CVE-2026-45586

Analyzed Analyzed - Analysis Complete

Improper Link Resolution Leading to Privilege Escalation in Windows Collaborative Translation Framework

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: Microsoft Corporation

Description

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-11

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-45586

EUVD

EUVD-2026-35548

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_server_2012	r2
microsoft	windows_server_2012	*
microsoft	windows_10_1607	to 10.0.14393.9234 (exc)
microsoft	windows_10_1607	to 10.0.14393.9234 (exc)
microsoft	windows_10_1809	to 10.0.17763.8880 (exc)
microsoft	windows_10_1809	to 10.0.17763.8880 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7417 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7417 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7417 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7417 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7417 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7417 (exc)
microsoft	windows_11_23h2	to 10.0.22631.7219 (exc)
microsoft	windows_11_23h2	to 10.0.22631.7219 (exc)
microsoft	windows_11_24h2	to 10.0.26100.8655 (exc)
microsoft	windows_11_24h2	to 10.0.26100.8655 (exc)
microsoft	windows_11_25h2	to 10.0.26200.8655 (exc)
microsoft	windows_11_25h2	to 10.0.26200.8655 (exc)
microsoft	windows_11_26h1	to 10.0.28000.2269 (exc)
microsoft	windows_11_26h1	to 10.0.28000.2269 (exc)
microsoft	windows_server_2016	to 10.0.14393.9234 (exc)
microsoft	windows_server_2019	to 10.0.17763.8880 (exc)
microsoft	windows_server_2022	to 10.0.20348.5256 (exc)
microsoft	windows_server_2025	to 10.0.26100.32995 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-59	The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

Compliance Impact

The vulnerability allows an authorized attacker to elevate privileges locally by exploiting improper link resolution before file access in the Windows Collaborative Translation Framework.

Such elevation of privilege vulnerabilities can potentially lead to unauthorized access or modification of sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict controls on data access and protection.

However, the provided information does not specify direct effects or assessments related to compliance with these standards.

Executive Summary

This vulnerability involves improper link resolution before file access, also known as 'link following', in the Windows Collaborative Translation Framework.

It allows an authorized attacker to elevate their privileges locally on the affected system.

Impact Analysis

An attacker who is already authorized on the system can exploit this vulnerability to gain higher privileges than intended.

This elevation of privilege can lead to full control over the affected system, potentially allowing the attacker to access, modify, or delete sensitive data and perform unauthorized actions.

Mitigation Strategies

To mitigate this vulnerability, apply the security updates provided by Microsoft for the Windows Collaborative Translation Framework as soon as they are available.

Since the vulnerability allows local privilege escalation through improper link resolution, restricting local user permissions and monitoring for unusual privilege escalations can help reduce risk until patches are applied.

Hi! I’m here to help you understand CVE-2026-45586. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70