PatchSiren cyber security CVE debrief
CVE-2026-58636 Microsoft CVE debrief
CVE-2026-58636 is a HIGH severity vulnerability in Microsoft's PC Manager, with a CVSS score of 7.8. The vulnerability is caused by improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. The vulnerability exists in the PC Manager software, which is developed by Microsoft. This vulnerability has a significant impact on the security of the system, and administrators should take immediate action to mitigate it.
- Vendor
- Microsoft
- Product
- Microsoft PC Manager
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-17
Who should care
Administrators and users of Microsoft PC Manager should be aware of this vulnerability and take necessary actions to mitigate it. This includes ensuring that PC Manager is updated to version 3.21.6.0 or later, monitoring system logs for suspicious activity, and implementing compensating controls to limit the attack surface.
Technical summary
The vulnerability exists in the PC Manager software, which is developed by Microsoft. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-59. The vulnerability allows an authorized attacker to elevate privileges locally.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Microsoft
- Ensure that PC Manager is updated to version 3.21.6.0 or later
- Monitor system logs for suspicious activity
- Implement compensating controls to limit the attack surface
- Review compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-07-14T17:17:13.970Z and was last modified on 2026-07-17T02:35:05.437Z. The NVD entry is currently Analyzed. The vulnerability exists in Microsoft's PC Manager software. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-59. Administrators and users of Microsoft PC Manager should be aware of this vulnerability and take necessary actions to mitigate it.
Official resources
-
CVE-2026-58636 CVE record
CVE.org
-
CVE-2026-58636 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:17:13.970Z and has not been modified since then. The NVD entry is currently Analyzed.