CVE-2026-34883

MEDIUM

Portrait Dell Color Management < 3.7.0 - Privilege Escalation via Symbolic Link Attack

Title source: llm

Description

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

References (2)

Core 2

Core References

https://www.portrait.com/dell-security-cve-updates/

https://www.portrait.com/dell

Scores

CVSS v3 5.3

EPSS 0.0014

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Published May 19, 2026

Tracked Since May 19, 2026