CVE-2026-21517: Windows App for Mac Installer Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 4.7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2026-Feb

Released

2026-02-10

Last Updated

2026-02-13

EPSS Score

0.03% (percentile: 9.5%)

Description

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations.

Affected Products (1)

Windows

• Windows App for Mac

Acknowledgments

<a href="https://x.com/johnwoodman15">John Woodman</a>

Revision History

• 2026-02-10: Information published.
• 2026-02-13: Download links fixed