Back to overview

CVE-2026-15475

MEDIUM
5.3
CVSS 3.1
Description
A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure.

Metadata

CVE ID
CVE-2026-15475
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-11 09:40 UTC
Published
2026-07-12 02:15 UTC
Last updated
2026-07-12 02:15 UTC
Primary CWE
CWE-284
Improper Access Controls
Vendor / Product
MiniTool / Partition Wizard
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
MiniTool Partition Wizard 13.0, 13.1, 13.2, 13.3 …
Weakness (CWE)
CWESourceDescription
CWE-266 cna Incorrect Privilege Assignment
CWE-284 cna Improper Access Controls
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 3.1 cna CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 MEDIUM 3.0 cna CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.8 MEDIUM 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4.3 N/D 2.0 cna AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
References (6)
Back to overview