CVE-2026-49161

Analyzed Analyzed - Analysis Complete

Microsoft PC Manager Local Security Bypass

Publication date: 2026-06-09

Last updated on: 2026-06-12

Assigner: Microsoft Corporation

Description

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-12

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-49161

EUVD

EUVD-2026-35528

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	pc_manager	to 3.21.6.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-284	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

Mitigation Strategies

To mitigate this vulnerability, it is important to apply any security updates or patches provided by Microsoft for PC Manager as soon as they become available.

Since the vulnerability involves improper access control allowing a local authorized attacker to bypass security features, limiting local access to trusted users and monitoring for unusual local activity can help reduce risk.

Executive Summary

This vulnerability is an improper access control issue in Microsoft PC Manager that allows an authorized attacker to bypass a security feature locally.

Impact Analysis

The vulnerability can impact you by allowing an authorized attacker to bypass security features on your system, potentially leading to high confidentiality, integrity, and availability impacts.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Hi! I’m here to help you understand CVE-2026-49161. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70