216.73.217.22

CVE-2026-34883

· Published 19/05/2026 15:16 · Modified 19/05/2026 18:04

Labels: CVE-2026-34883 2026-05-19CVE-2026-34883CWE-59[email protected]

Essential information

Published
19/05/2026 15:16
Modified
19/05/2026 18:04
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dell / portrait color management cpe:2.3:a:dell:portrait_color_management:<3.7.0:*:*:*:*:*:*:*

References