Description
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
Scores
CVSS v3
4.7
EPSS
0.0004
EPSS Percentile
13.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-59
Status
published
Products (2)
Microsoft/Windows App for Mac
11.0.0 - 11.3.2
microsoft/windows_app
< 11.3.2
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026