Cyber Resilience

CVE-2026-23654

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0093 56.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-23654 is a high-severity an unspecified weakness vulnerability in Microsoft Zero-Shot-Scfoundation. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 43.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23654, published on 2026-03-10T18:18:13.743, is a vulnerability arising from a dependency on a vulnerable third-party component in the GitHub repository zero-shot-scfoundation. This flaw enables an unauthorized attacker to execute code over a network. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is categorized under NVD-CWE-noinfo.

The vulnerability can be exploited by an unauthorized attacker with network access and no required privileges, provided they can induce user interaction, such as clicking a link or opening a malicious file. Successful exploitation grants the attacker high-impact capabilities, including unauthorized disclosure of confidential information, modification of data or system integrity, and denial of availability through remote code execution.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23654.

EU & UK References

Vulnerability details

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1195.001 Compromise Software Dependencies and Development Tools Initial Access
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

RCE via vulnerable third-party dependency with UI:R maps to client-side exploitation (T1203) and supply-chain compromise (T1195.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21266Same vendor: Microsoft
CVE-2026-32157Same vendor: Microsoft
CVE-2026-26110Same vendor: Microsoft
CVE-2025-21339Same vendor: Microsoft
CVE-2026-40359Same vendor: Microsoft
CVE-2026-40358Same vendor: Microsoft
CVE-2025-21239Same vendor: Microsoft
CVE-2025-21354Same vendor: Microsoft
CVE-2026-20952Same vendor: Microsoft
CVE-2025-26645Same vendor: Microsoft

Affected Assets

microsoft
zero-shot-scfoundation
≤ 0.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of flaws like the vulnerable third-party component in CVE-2026-23654 to prevent remote code execution.

detect

Enables regular vulnerability scanning to identify the presence of the exploitable third-party dependency in CVE-2026-23654.

detect

Maintains an inventory of system components, including third-party dependencies, to facilitate detection and remediation of vulnerabilities like CVE-2026-23654.

References