CVE-2026-34883

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

19/05/2026

Last modified:

19/05/2026

Description

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

Impact

References to Advisories, Solutions, and Tools

https://www.portrait.com/dell
https://www.portrait.com/dell-security-cve-updates/