CVE-2026-34883
5.3 MEDIUMAn issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors
Published: 2026-05-19 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-59
Description
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-50656 — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ... (7.8 HIGH)
- CVE-2026-54230 — A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport (7.0 HIGH)
- CVE-2026-54056 — Kitty is a cross-platform GPU based terminal (7.6 HIGH)
- CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)