PT-2026-41934 · Dell · Portrait Dell Color Management
Published: 2026-05-19 · Updated: 2026-05-20 · CVE-2026-34883
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Portrait Dell Color Management versions prior to 3.7.0
Description
A symbolic link issue exists in the Portrait Dell Color Management application on Windows. A local low-privileged user can escalate privileges to Administrator because the installer does not properly validate symbolic links or reparse points at the destination path when writing the file "CCFLFamily 07Feb11.edr" to "C:\ProgramData\Portrait Displays\CW\data\i1D3" while running with elevated privileges. This allows an attacker to create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
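The destination-path validation the description says is missing can be sketched as follows. This is an added example, not Dell's or Portrait Displays' code; the function names and the temporary directory layout are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

def link_components(path):
    """Return each existing component of `path` that is a symlink or reparse point."""
    drive, rest = os.path.splitdrive(os.path.abspath(path))
    current, hits = drive + os.sep, []
    for part in filter(None, rest.split(os.sep)):
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)          # lstat: inspect the link, not its target
        except FileNotFoundError:
            break                           # nothing exists below a missing component
        attrs = getattr(st, "st_file_attributes", 0)   # populated on Windows only
        if stat.S_ISLNK(st.st_mode) or attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT:
            hits.append(current)
    return hits

def guarded_write(path, data):
    """Create `path` with `data`, refusing to write through any link."""
    hits = link_components(path)
    if hits:
        raise PermissionError(f"link in destination path: {hits}")
    # O_EXCL: never reuse a pre-planted name; O_NOFOLLOW (POSIX): reject a link
    # swapped in as the final component after the check above.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0)
    with os.fdopen(os.open(path, flags, 0o600), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed layout: one ordinary directory, one directory symlink."""
    base = os.path.realpath(tempfile.mkdtemp())
    plain, target = os.path.join(base, "data"), os.path.join(base, "target")
    os.mkdir(plain)
    os.mkdir(target)
    redirected = os.path.join(base, "redirected")
    os.symlink(target, redirected)          # needs symlink privilege on Windows
    guarded_write(os.path.join(plain, "sample.edr"), b"constructed")
    try:
        guarded_write(os.path.join(redirected, "sample.edr"), b"constructed")
        blocked = False
    except PermissionError:
        blocked = True
    return blocked, os.listdir(plain), os.listdir(target)

if __name__ == "__main__":
    print(demo())
```

A path check followed by an open is still a race for intermediate components, so it complements, rather than replaces, directory permissions that stop low-privileged users from creating links in the destination.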
Recommendations
Update to version 3.7.0 or later.
Fix
LPE
Link Following
Affected Products
Portrait Dell Color Management