Description
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A flaw in deserializing untrusted data within Microsoft HPC Pack 2019 can be triggered by an authorized local user to gain elevated privileges. The vulnerability is tied to input validation failures, reflected in CWE‑502. If successful, the attacker may obtain higher system access, enabling further compromise. The impact is confined to the host where HPC Pack is installed.

Affected Systems

Microsoft HPC Pack 2019 is the affected product, as identified by the CNA. No specific sub‑versions are listed, so all installations of 2019 are considered vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a high risk of potential damage. With no EPSS data available, the public exploitation likelihood is unknown, but the vulnerability is not marked in the KEV catalog. Since the flaw requires an authorized user and local access, the attack vector is likely local. An attacker who can submit arbitrary data to the deserialization process can elevate privileges and gain control over the affected system.

Generated by OpenCVE AI on April 14, 2026 at 20:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install the Microsoft HPC Pack 2019 update that addresses CVE-2026-32184.
  • Verify that the update applies to all installations and test after deployment.
  • Limit HPC Pack usage to trusted users and remove unnecessary system permissions to reduce the impact of any remaining issue.

Generated by OpenCVE AI on April 14, 2026 at 20:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft hpc Pack
Vendors & Products Microsoft hpc Pack

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Title Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft microsoft Hpc Pack 2019
Weaknesses CWE-502
CPEs cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft microsoft Hpc Pack 2019
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Hpc Pack Microsoft Hpc Pack 2019
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-17T16:12:29.352Z

Reserved: 2026-03-11T00:26:53.426Z

Link: CVE-2026-32184

cve-icon Vulnrichment

Updated: 2026-04-14T19:30:54.582Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-14T18:17:21.777

Modified: 2026-04-17T15:10:35.607

Link: CVE-2026-32184

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z

Weaknesses