CVE-2026-34883 - Dell Portrait Color Management Symbolic Link Escalation
CVE ID :CVE-2026-34883
Published : May 19, 2026, 3:16 p.m. | 1 hour, 42 minutes ago
Description :An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : May 19, 2026, 3:16 p.m. | 1 hour, 42 minutes ago
Description :An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...