EUVD-2026-22565
Deserialization of Untrusted Data (CWE-502)
2026-04-14
microsoft
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share
Severity by source
NVD
PRIMARY
7.8
HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.8
MEDIUM
cvss
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:21 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22565
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8
DescriptionCVE.org
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
AnalysisAI
Deserialization of untrusted data in Microsoft HPC Pack 2019 enables authenticated local attackers to escalate privileges to SYSTEM level. Affects all versions below 6.3.8355. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Obtain low-privilege HPC Pack credentials
Delivery
Access HPC management interface
Exploit
Craft malicious serialized .NET payload
Execution
Submit payload to vulnerable deserialization endpoint
Persist
Trigger code execution as SYSTEM
Impact
Execute commands with elevated privileges
Access
Obtain low-privilege HPC Pack credentials
Delivery
Access HPC management interface
Exploit
Craft malicious serialized .NET payload
Execution
Submit payload to vulnerable deserialization endpoint
Persist
Trigger code execution as SYSTEM
Impact
Execute commands with elevated privileges
Vulnerability AssessmentAI
| Exploitation | Attacker requires low-privilege local user account access to Microsoft HPC Pack system. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is significant but context-dependent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with legitimate low-privilege access to the HPC Pack 2019 cluster (such as a compromised researcher account or malicious insider) crafts a malicious serialized .NET object containing gadget chains that invoke system commands. By submitting this payload through an HPC Pack API endpoint or job submission interface that deserializes user-controlled data, the attacker triggers code execution in the context of the HPC Pack service, typically running as SYSTEM or another highly privileged account, achieving complete control over the cluster management infrastructure and potentially all managed compute nodes. |
| Remediation | Upgrade Microsoft HPC Pack 2019 to version 6.3.8355 or later to remediate this vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Microsoft HPC Pack 2019 installations and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).