{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26143", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T16:24:51.134Z", "datePublished": "2026-04-14T16:57:53.686Z", "dateUpdated": "2026-04-16T14:18:44.218Z"}, "containers": {"cna": {"title": "Microsoft PowerShell Security Feature Bypass Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", "versionStartIncluding": "7.5.0", "versionEndExcluding": "7.5.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.14"}]}]}], "affected": [{"vendor": "Microsoft", "product": "PowerShell 7.4", "versions": [{"version": "7.4.0", "lessThan": "7.4.14", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "PowerShell 7.5", "versions": [{"version": "7.5.0", "lessThan": "7.5.5", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:44.218Z"}, "references": [{"name": "Microsoft PowerShell Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T13:24:29.195623Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:39.733Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T13:24:29.195623Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:08.465Z"}}], "cna": {"title": "Microsoft PowerShell Security Feature Bypass Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "PowerShell 7.4", "versions": [{"status": "affected", "version": "7.4.0", "lessThan": "7.4.14", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "PowerShell 7.5", "versions": [{"status": "affected", "version": "7.5.0", "lessThan": "7.5.5", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143", "name": "Microsoft PowerShell Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.5.5", "versionStartIncluding": "7.5.0"}, {"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.4.14", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-15T21:54:49.579Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26143", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:26:39.733Z", "dateReserved": "2026-02-11T16:24:51.134Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:53.686Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally."}], "id": "CVE-2026-26143", "lastModified": "2026-04-14T18:16:45.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:16:45.620", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.14)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.5.0,7.5.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "powershell", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:15:34.801001+00:00", "value": {"mitigation_remediation": ["Apply the Microsoft security update that addresses CVE-2026-26143.", "Verify that all instances of PowerShell 7.4 and 7.5 are upgraded to the patched versions."], "summary": {"action": "Apply Patch", "impact": "Security Feature Bypass"}, "threat_synthesis": {"affected_systems": "Microsoft PowerShell releases 7.4 and 7.5 on Windows are affected. The advisory does not list specific patch levels, so all builds within those major releases are considered vulnerable.", "description_and_impact": "Improper input validation in Microsoft PowerShell enables an unauthorized user who can supply crafted input locally to bypass a security feature that is intended to restrict certain actions. The weakness follows the characteristics of input validation errors (CWE-20) and allows the attacker to exercise operations that the security policy is meant to block, thereby undermining the integrity of the intended controls.", "risk_and_exploitability": "The CVSS base score of 7.8 reflects a high severity vulnerability. Exploit probability data is not available, and the issue is not classified in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be local, requiring the attacker to feed malicious input to a PowerShell session. If successful, the attacker can bypass a security feature and potentially perform additional privileged actions within the scope of the user, representing a substantial risk in environments where PowerShell is run with elevated privileges."}}}}, "created": "2026-04-15T15:00:06.167835+00:00", "updated": "2026-04-15T20:45:06.211868+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$powershell"]}