Description
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Security Feature Bypass
Action: Apply Patch
AI Analysis

Impact

Improper input validation in Microsoft PowerShell enables an unauthorized user who can supply crafted input locally to bypass a security feature that is intended to restrict certain actions. The weakness follows the characteristics of input validation errors (CWE-20) and allows the attacker to exercise operations that the security policy is meant to block, thereby undermining the integrity of the intended controls.

Affected Systems

Microsoft PowerShell releases 7.4 and 7.5 on Windows are affected. The advisory does not list specific patch levels, so all builds within those major releases are considered vulnerable.

Risk and Exploitability

The CVSS base score of 7.8 reflects a high severity vulnerability. Exploit probability data is not available, and the issue is not classified in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be local, requiring the attacker to feed malicious input to a PowerShell session. If successful, the attacker can bypass a security feature and potentially perform additional privileged actions within the scope of the user, representing a substantial risk in environments where PowerShell is run with elevated privileges.

Generated by OpenCVE AI on April 14, 2026 at 19:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update that addresses CVE-2026-26143.
  • Verify that all instances of PowerShell 7.4 and 7.5 are upgraded to the patched versions.

Generated by OpenCVE AI on April 14, 2026 at 19:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*

Thu, 16 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
Title Microsoft PowerShell Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft powershell
Weaknesses CWE-20
CPEs cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft powershell
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Powershell
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-30T14:41:49.113Z

Reserved: 2026-02-11T16:24:51.134Z

Link: CVE-2026-26143

cve-icon Vulnrichment

Updated: 2026-04-16T13:26:08.465Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:16:45.620

Modified: 2026-04-27T19:59:18.223

Link: CVE-2026-26143

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T20:45:06Z

Weaknesses