Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 19 May 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Symbolic Link Vulnerability in Portrait Dell Color Management Allows Local Privilege Escalation |
Tue, 19 May 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Privilege Escalation via Symbolic Link Vulnerability in Portrait Dell Color Management | |
| Weaknesses | CWE-774 CWE-862 |
Tue, 19 May 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-774 CWE-862 |
Tue, 19 May 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-774 CWE-862 |
Tue, 19 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Privilege Escalation via Symbolic Link Vulnerability in Portrait Dell Color Management | |
| Weaknesses | CWE-774 CWE-862 |
Tue, 19 May 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Portrait
Portrait dell Color Management |
|
| Vendors & Products |
Portrait
Portrait dell Color Management |
Tue, 19 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-59 | |
| Metrics |
cvssV3_1
|
Tue, 19 May 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-19T14:39:40.795Z
Reserved: 2026-03-31T00:00:00.000Z
Link: CVE-2026-34883
Updated: 2026-05-19T14:39:36.918Z
Status : Awaiting Analysis
Published: 2026-05-19T15:16:30.150
Modified: 2026-06-17T10:39:47.140
Link: CVE-2026-34883
No data.
OpenCVE Enrichment
Updated: 2026-05-19T21:00:11Z