Description
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: 1.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in deserializing untrusted data within Microsoft HPC Pack 2019 can be triggered by an authorized local user to gain elevated privileges. The vulnerability is tied to input validation failures, reflected in CWE‑502. If successful, the attacker may obtain higher system access, enabling further compromise. The impact is confined to the host where HPC Pack is installed.

Affected Systems

Microsoft HPC Pack 2019 is the affected product, as identified by the CNA. No specific sub‑versions are listed, so all installations of 2019 are considered vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a high risk of potential damage. The EPSS score of 2% suggests a low to moderate likelihood of exploitation, and the vulnerability is not listed in the KEV catalog. Since the flaw requires an authorized user and local access, the attack vector is likely local. An attacker who can submit arbitrary data to the deserialization process can elevate privileges and gain control over the affected system.

Generated by OpenCVE AI on June 18, 2026 at 09:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for HPC Pack 2019 that resolves the deserialization flaw (CVE‑2026‑32184).
  • Ensure HPC privileges and consider disabling any unused services.
  • Restrict local user permissions and enforce the principle of least privilege; only trusted administrators should have access to HPC Pack.

Generated by OpenCVE AI on June 18, 2026 at 09:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:hpc_pack:*:*:*:*:*:*:*:*

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft hpc Pack
Vendors & Products Microsoft hpc Pack

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Title Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft microsoft Hpc Pack 2019
Weaknesses CWE-502
CPEs cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft microsoft Hpc Pack 2019
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Hpc Pack Microsoft Hpc Pack 2019
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:07:59.555Z

Reserved: 2026-03-11T00:26:53.426Z

Link: CVE-2026-32184

cve-icon Vulnrichment

Updated: 2026-04-14T19:30:54.582Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:17:21.777

Modified: 2026-06-17T10:35:18.200

Link: CVE-2026-32184

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T09:15:16Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data