PatchSiren cyber security CVE debrief
CVE-2026-49161 Microsoft CVE debrief
CVE-2026-49161 is a high-severity vulnerability in Microsoft PC Manager, with a CVSS score of 7.8. The vulnerability is caused by improper access control, allowing an authorized attacker to bypass a security feature locally. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-49161) and details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-49161).
- Vendor
- Microsoft
- Product
- Microsoft PC Manager
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Users of Microsoft PC Manager, particularly those with local access to the system, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by improper access control in Microsoft PC Manager, allowing an authorized attacker to bypass a security feature locally. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Apply the patch or update from Microsoft as soon as possible.
- Review and follow Microsoft's mitigation guidance [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49161).
Evidence notes
The vulnerability was published on June 9, 2026, and modified on June 12, 2026. The CVE record can be found on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-49161) and details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-49161).
Official resources
-
CVE-2026-49161 CVE record
CVE.org
-
CVE-2026-49161 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-49161 was published on June 9, 2026, and modified on June 12, 2026.