Skip to main content

Microsoft CVE-2026-26143

| EUVDEUVD-2026-22369 HIGH
Improper Input Validation (CWE-20)
2026-04-14 microsoft GHSA-hrfw-jjgv-mg38
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:25 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22369
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

AnalysisAI

Authentication bypass in Microsoft PowerShell 7.4 (versions prior to 7.4.14) and 7.5 (versions prior to 7.5.5) allows local attackers to bypass security features through improper input validation. The vulnerability requires user interaction but no authentication (PR:N), enabling attackers to achieve high impact across confidentiality, integrity, and availability. Microsoft has released patches addressing this security feature bypass. EPSS data not available; no confirmed active exploitation (CISA KEV) identified at time of analysis.

Technical ContextAI

This vulnerability affects Microsoft PowerShell 7.4.x and 7.5.x branches, specifically versions before 7.4.14 and 7.5.5 respectively. The root cause is CWE-20 (Improper Input Validation), indicating PowerShell fails to properly sanitize or validate input data before processing security-critical operations. PowerShell is Microsoft's cross-platform task automation and configuration management framework built on .NET, widely used for system administration and scripting. The improper validation allows attackers to craft malicious input that bypasses intended security controls, potentially circumventing execution policies, constrained language mode restrictions, or other security boundaries designed to prevent unauthorized code execution or privilege escalation within the PowerShell environment.

RemediationAI

Upgrade Microsoft PowerShell to patched versions immediately. For PowerShell 7.4 branch, upgrade to version 7.4.14 or later. For PowerShell 7.5 branch, upgrade to version 7.5.5 or later. Download patches and detailed remediation guidance from the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143. Organizations should inventory all PowerShell installations across Windows, Linux, and macOS endpoints to ensure comprehensive patch coverage. Until patching is complete, consider restricting PowerShell execution through Group Policy or application control solutions, limiting usage to authorized administrators only, and monitoring PowerShell script execution logs for suspicious activity. Review and harden PowerShell execution policies, though note this vulnerability allows bypass of such security features.

Share

CVE-2026-26143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy