CVE-2026-49161: Microsoft PC Manager Security Feature Bypass Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2026-Jun

Released

2026-06-09

Description

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An unauthenticated attacker is able to bypass the expected user access.

Affected Products (1)

Apps

• Microsoft PC Manager

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://bird.vin/">Xin Liu</a> with <a href="https://xxxy.lzu.edu.cn/">N05ec@LZU-DSLab</a>

Revision History

• 2026-06-09: Information published.