Cyber Resilience

CVE-2026-26143

High

Published: 14 April 2026

Published
14 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26143 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Powershell. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique PowerShell (T1059.001); ranked at the 19.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26143 is an improper input validation vulnerability (CWE-20) in Microsoft PowerShell that enables an unauthorized attacker to bypass a security feature locally. Published on 2026-04-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with local access to the system can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. Successful exploitation allows the attacker to achieve high levels of confidentiality, integrity, and availability impacts, effectively bypassing PowerShell's security controls.

The Microsoft Security Response Center provides details on mitigation and patches in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143.

EU & UK References

Vulnerability details

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.001 PowerShell Execution
Adversaries may abuse PowerShell commands and scripts for execution.
Why these techniques?

The CVE describes an improper input validation flaw in PowerShell that directly bypasses its built-in security controls (e.g., execution policy, AMSI, constrained language mode). This enables an attacker to run arbitrary PowerShell commands/scripts locally that would otherwise be blocked, mapping directly to the PowerShell command-and-scripting-interpreter technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27913Same vendor: Microsoft
CVE-2026-33844Same vendor: Microsoft
CVE-2025-21344Same vendor: Microsoft
CVE-2026-20951Same vendor: Microsoft
CVE-2026-26154Same vendor: Microsoft
CVE-2024-21413Same vendor: Microsoft
CVE-2026-32168Same vendor: Microsoft
CVE-2025-21194Same vendor: Microsoft
CVE-2026-21229Same vendor: Microsoft
CVE-2026-26106Same vendor: Microsoft

Affected Assets

microsoft
powershell
7.4 — 7.4.14 · 7.5 — 7.5.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation (CWE-20) vulnerability by requiring validation mechanisms at PowerShell input points to prevent bypass of security features.

prevent

Ensures timely identification, reporting, and patching of the specific PowerShell flaw referenced in the MSRC update guide, preventing exploitation.

prevent

Establishes secure configuration settings for PowerShell, such as execution policies or constrained language mode, to mitigate local bypass risks until fully patched.

References