Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
AnalysisAI
Microsoft PowerShell privilege escalation affecting Windows 10/11 and Server 2016-2025 allows authenticated local attackers with low privileges to gain SYSTEM-level access through improper input validation (CWE-20). The vulnerability has a CVSS score of 7.8 with low attack complexity and requires no user interaction, enabling straightforward exploitation by any standard user account. No public exploit identified at time of analysis, though the attack vector's simplicity (AV:L/AC:L/PR:L/UI:N) sug
Technical ContextAI
This vulnerability stems from improper input validation (CWE-20) within Microsoft PowerShell's command processing engine. PowerShell is a task automation framework built on .NET that provides administrative scripting capabilities across Windows environments. The input validation flaw allows maliciously crafted commands or parameters to bypass security controls that normally restrict PowerShell operations to the user's privilege context. Given PowerShell's deep integration with Windows system management interfaces and its ability to invoke .NET classes, COM objects, and native Windows APIs, insufficient input sanitization can enable attackers to manipulate execution contexts and escalate from standard user (PR:L) to administrative or SYSTEM privileges. The vulnerability affects PowerShell as shipped with Windows 10 versions 1607/1809/21H2/22H2, Windows 11 versions 22H3/23H2/24H2/25H2/26H1, and Windows Server 2016/2019/2022/2025 including Server Core installations, indicating the flaw exists in core PowerShell runtime components shared across these platforms rather than version-specific features.
RemediationAI
Apply Microsoft's security updates immediately through Windows Update or WSUS to upgrade to patched builds: Windows 10 Version 1607 to build 10.0.14393.9060 or later, Windows 10 Version 1809 to build 10.0.17763.8644 or later, Windows 10 Version 21H2 to build 10.0.19044.7184 or later, Windows 10 Version 22H2 to build 10.0.19045.7184 or later, Windows 11 Version 22H3/23H2 to build 10.0.22631.6936 or later, Windows 11 Version 24H2 to build 10.0.26100.32690 or later, Windows 11 Version 25H2 to build 10.0.26200.8246 or later, Windows 11 Version 26H1 to build 10.0.28000.1836 or later, Windows Server 2016 to build 10.0.14393.9060 or later, Windows Server 2019 to build 10.0.17763.8644 or later, Windows Server 2
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22402