CVE-2026-50364
Received Received - Intake

Improper Link Resolution in Windows Server Backup Leads to Privilege Escalation

Vulnerability report for CVE-2026-50364, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_server_backup *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

The provided context does not include specific detection methods or commands for identifying the vulnerability (CVE-2026-50364) on a network or system. Detection may require checking for unusual file access patterns or symbolic link manipulations in Windows Server Backup, but no explicit tools or commands are mentioned.

For further guidance, refer to Microsoft's official documentation or security updates, which may provide detection scripts or tools.

Executive Summary

CVE-2026-50364 is a vulnerability in Windows Server Backup related to improper link resolution before file access, also known as 'link following'. This flaw allows an authorized attacker with local access to exploit the system by manipulating file links in a way that enables them to elevate their privileges.

Specifically, the vulnerability occurs when the software does not properly validate or resolve symbolic links or other file links before accessing files. An attacker could craft malicious links to trick the system into granting higher privileges than intended.

Impact Analysis

If you are using Windows Server Backup and this vulnerability is exploited, the impact could include:

  • An attacker with local access and low privileges could gain elevated privileges on the system, potentially taking full control.
  • Sensitive data stored or backed up by Windows Server Backup could be accessed, modified, or deleted by the attacker.
  • The attacker could execute arbitrary code or install malicious software with higher privileges, leading to further compromise of the system or network.

This vulnerability is rated as 'Important' in severity, with a CVSS base score of 7.3, indicating a significant risk if exploited.

Compliance Impact

This vulnerability could impact compliance with several common standards and regulations in the following ways:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or disclosure of personal data, it could result in a breach of GDPR requirements, particularly Article 32 (security of processing) and Article 5 (data protection principles). Organizations may face fines or legal consequences if they fail to mitigate the risk.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI, violating the HIPAA Security Rule. This may result in penalties or mandatory corrective actions.
  • Other standards (e.g., ISO 27001, NIST): The vulnerability undermines the integrity and confidentiality of systems, which are core requirements of these frameworks. Failure to patch or mitigate the issue could result in non-compliance during audits.

To maintain compliance, organizations should apply the necessary patches or mitigations provided by Microsoft as soon as possible and ensure their systems are regularly updated and monitored for vulnerabilities.

Mitigation Strategies

To mitigate CVE-2026-50364, apply the security update provided by Microsoft as soon as possible. The update addresses the improper link resolution issue in Windows Server Backup that could allow privilege escalation.

  • Visit the Microsoft Update Guide for CVE-2026-50364 to download and install the patch.
  • Ensure all systems running Windows Server Backup are updated to the latest secure version.
  • Restrict local access to systems running Windows Server Backup to authorized personnel only, as the vulnerability requires local access.
  • Monitor for any unusual activity or unauthorized access attempts on systems where Windows Server Backup is installed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50364. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart