CVE-2026-45586

high

Description

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45586

https://www.theregister.com/security/2026/06/10/nightmare-eclipse-publishes-new-windows-defender-zero-day/5253725

https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/

https://www.malwarebytes.com/blog/bugs/2026/06/microsofts-biggest-ever-patch-tuesday-fixes-206-bugs-including-3-zero-days

https://www.infosecurity-magazine.com/news/microsoft-fixes-200-cves-in-june/

https://www.helpnetsecurity.com/2026/06/10/microsoft-patch-tuesday-rogueplanet/

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/

https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html

https://www.theregister.com/patches/2026/06/09/ai-is-making-patch-tuesday-kinda-fun-again/5253225

https://www.securityweek.com/microsoft-patches-200-vulnerabilities/

https://securityaffairs.com/193417/security/microsoft-releases-record-breaking-patch-tuesday-with-208-cves.html

https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

https://cyberscoop.com/microsoft-patch-tuesday-june-2026/

https://arstechnica.com/security/2026/06/locked-in-heated-rivalry-with-researcher-microsoft-fixes-0-day-they-disclosed/

https://www.tenable.com/blog/microsofts-june-2026-patch-tuesday-addresses-198-cves-cve-2026-49160-cve-2026-50507

Details

Source: Mitre, NVD

Published: 2026-06-09

Updated: 2026-06-11

Named Vulnerability: GreenPlasma

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00117

Detections

Analytics