CVE-2026-21517— Windows App for Mac Installer Elevation of Privilege Vulnerability
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows App for Mac | 11.0.0< 11.3.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21517
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows App for Mac Installer Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在后置链接漏洞。攻击者利用该漏洞可以提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Windows App for Mac | 11.0.0 ~ 11.3.2 | - |
II. Public POCs for CVE-2026-21517
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21517
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2026-02-10 · 54 CVEs total
| CVE-2026-21531 | 9.8 CRITICAL | Azure SDK for Python Remote Code Execution Vulnerability |
| CVE-2026-21518 | 8.8 HIGH | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2026-21255 | 8.8 HIGH | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2026-21256 | 8.8 HIGH | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability |
| CVE-2026-21516 | 8.8 HIGH | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
| CVE-2026-21513 | 8.8 HIGH | MSHTML Framework Security Feature Bypass Vulnerability |
| CVE-2026-21510 | 8.8 HIGH | Windows Shell Security Feature Bypass Vulnerability |
| CVE-2026-21537 | 8.8 HIGH | Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability |
| CVE-2026-21228 | 8.1 HIGH | Azure Local Remote Code Execution Vulnerability |
| CVE-2026-21257 | 8.0 HIGH | GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2026-21523 | 8.0 HIGH | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2026-21229 | 8.0 HIGH | Power BI Remote Code Execution Vulnerability |
| CVE-2026-21240 | 7.8 HIGH | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2026-21514 | 7.8 HIGH | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2026-20841 | 7.8 HIGH | Windows Notepad App Remote Code Execution Vulnerability |
| CVE-2026-21533 | 7.8 HIGH | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2026-21236 | 7.8 HIGH | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-21246 | 7.8 HIGH | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-21259 | 7.8 HIGH | Microsoft Excel Elevation of Privilege Vulnerability |
| CVE-2026-21519 | 7.8 HIGH | Desktop Window Manager Elevation of Privilege Vulnerability |
Showing top 20 of 54 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Microsoft
- CVE-2026-42901
Microsoft Entra ID Elevation of Privilege Vulnerability - CVE-2026-23663
Microsoft Global Secure Access (GSA) Information Disclosure - CVE-2026-41104
Microsoft Planetary Computer Pro Information Disclosure Vuln - CVE-2026-45659
Microsoft SharePoint Remote Code Execution Vulnerability - CVE-2026-26147
Azure Stack HCI Information Disclosure Vulnerability
Same weakness: CWE-59
- CVE-2026-40610
BentoML has Information Disclosure in `bentoml build` via sy - CVE-2025-71212
Trend Micro Apex One 后置链接漏洞 - CVE-2026-44051
Arbitrary file read via attacker-controlled symlink creation - CVE-2026-42834
Windows Admin Center in Azure Portal Elevation of Privilege - CVE-2026-41091
Microsoft Defender Elevation of Privilege Vulnerability
V. Comments for CVE-2026-21517
No comments yet