Link following in Windows and Windows Server - CVE-2026-49791
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper link resolution before file access in Windows Routing and Remote Access Service (RRAS) when accessing files through links. A local user can exploit link following to escalate privileges.
Successful exploitation could result in SYSTEM privileges.