Cyber Resilience

CVE-2026-26170

High

Published: 14 April 2026

Published
14 April 2026
Modified
24 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 24.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26170 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 24.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26170 is an improper input validation vulnerability (CWE-20) in Microsoft PowerShell. Published on 2026-04-14T18:16:51.263, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with relatively low barriers to exploitation.

The vulnerability enables a local authorized attacker possessing low privileges to exploit improper input validation in PowerShell. Exploitation requires local access and low attack complexity with no user interaction, allowing the attacker to elevate privileges and achieve high confidentiality, integrity, and availability impacts on the affected system.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26170.

EU & UK References

Vulnerability details

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local improper input validation in PowerShell directly enables privilege escalation with high impact, mapping to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26156Same product: Microsoft Windows 10 1607
CVE-2026-32149Same product: Microsoft Windows 10 1607
CVE-2026-26161Same product: Microsoft Windows 10 1809
CVE-2026-32091Same product: Microsoft Windows 10 1607
CVE-2026-32164Same product: Microsoft Windows 10 1607
CVE-2026-26167Same product: Microsoft Windows 10 1607
CVE-2026-32090Same product: Microsoft Windows 10 1607
CVE-2026-27911Same product: Microsoft Windows 10 1607
CVE-2026-32089Same product: Microsoft Windows 10 1607
CVE-2025-21234Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 1607
≤ 10.0.14393.9060 · ≤ 10.0.14393.9060
microsoft
windows 10 1809
≤ 10.0.17763.8644 · ≤ 10.0.17763.8644
microsoft
windows 10 21h2
≤ 10.0.19044.7184 · ≤ 10.0.19044.7184 · ≤ 10.0.19044.7184
microsoft
windows 10 22h2
≤ 10.0.19045.7184 · ≤ 10.0.19045.7184 · ≤ 10.0.19045.7184
microsoft
windows 11 23h2
≤ 10.0.22631.6936 · ≤ 10.0.22631.6936
microsoft
windows 11 24h2
≤ 10.0.26100.8246 · ≤ 10.0.26100.8246
microsoft
windows 11 25h2
≤ 10.0.26200.8246 · ≤ 10.0.26200.8246
microsoft
windows 11 26h1
≤ 10.0.28000.1836 · ≤ 10.0.28000.1836
microsoft
windows server 2016
≤ 10.0.14393.9060
microsoft
windows server 2019
≤ 10.0.17763.8644
+3 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation of all information inputs, addressing the core improper input validation flaw (CWE-20) in PowerShell that enables privilege escalation.

preventrecover

Requires timely identification, reporting, and correction of system flaws like this CVE through patching and updates as per Microsoft guidance.

prevent

Enforces least privilege to restrict low-privileged local attackers from achieving high-impact escalation even if the input validation vulnerability is exploited.

References