CVE-2026-21517

EUVD-2026-7308
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
microsoftCNA
4.7 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21517