Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
AnalysisAI
Authentication bypass in Microsoft PowerShell 7.4 (versions prior to 7.4.14) and 7.5 (versions prior to 7.5.5) allows local attackers to bypass security features through improper input validation. The vulnerability requires user interaction but no authentication (PR:N), enabling attackers to achieve high impact across confidentiality, integrity, and availability. Microsoft has released patches addressing this security feature bypass. EPSS data not available; no confirmed active exploitation (CISA KEV) identified at time of analysis.
Technical ContextAI
This vulnerability affects Microsoft PowerShell 7.4.x and 7.5.x branches, specifically versions before 7.4.14 and 7.5.5 respectively. The root cause is CWE-20 (Improper Input Validation), indicating PowerShell fails to properly sanitize or validate input data before processing security-critical operations. PowerShell is Microsoft's cross-platform task automation and configuration management framework built on .NET, widely used for system administration and scripting. The improper validation allows attackers to craft malicious input that bypasses intended security controls, potentially circumventing execution policies, constrained language mode restrictions, or other security boundaries designed to prevent unauthorized code execution or privilege escalation within the PowerShell environment.
RemediationAI
Upgrade Microsoft PowerShell to patched versions immediately. For PowerShell 7.4 branch, upgrade to version 7.4.14 or later. For PowerShell 7.5 branch, upgrade to version 7.5.5 or later. Download patches and detailed remediation guidance from the official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143. Organizations should inventory all PowerShell installations across Windows, Linux, and macOS endpoints to ensure comprehensive patch coverage. Until patching is complete, consider restricting PowerShell execution through Group Policy or application control solutions, limiting usage to authorized administrators only, and monitoring PowerShell script execution logs for suspicious activity. Review and harden PowerShell execution policies, though note this vulnerability allows bypass of such security features.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22369
GHSA-hrfw-jjgv-mg38