CVE-2026-23654
Published: 10 March 2026
Summary
CVE-2026-23654 is a high-severity vulnerability with an unspecified weakness type in Microsoft Zero-Shot-Scfoundation. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 15.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires identification, reporting, and correction of flaws like the vulnerable third-party component in CVE-2026-23654 to prevent remote code execution.
Enables regular vulnerability scanning to identify the presence of the exploitable third-party dependency in CVE-2026-23654.
Maintains an inventory of system components, including third-party dependencies, to facilitate detection and remediation of vulnerabilities like CVE-2026-23654.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
RCE via vulnerable third-party dependency with UI:R maps to client-side exploitation (T1203) and supply-chain compromise (T1195.001).
NVD Description
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
Deeper analysis
CVE-2026-23654, published on 2026-03-10T18:18:13.743, is a vulnerability arising from a dependency on a vulnerable third-party component in the GitHub repository zero-shot-scfoundation. This flaw enables an unauthorized attacker to execute code over a network. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is categorized under NVD-CWE-noinfo.
The vulnerability can be exploited by an unauthorized attacker with network access and no required privileges, provided they can induce user interaction, such as clicking a link or opening a malicious file. Successful exploitation grants the attacker high-impact capabilities, including unauthorized disclosure of confidential information, modification of data or system integrity, and denial of availability through remote code execution.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23654.
Details
- CWE(s)