PowerShell Elevation of Privilege Vulnerability
Description
PowerShell Elevation of Privilege Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PowerShell elevation of privilege vulnerability in module loading when .NET omits profile folder paths; fixed in 7.0.10, 7.1.7, 7.2.3.
Vulnerability
An elevation of privilege vulnerability exists in PowerShell 7 where the module loading logic fails to properly handle cases when .NET does not return a path for certain profile folders [2]. This affects PowerShell 7.0 prior to 7.0.10, 7.1 prior to 7.1.7, and 7.2 prior to 7.2.3 [2].
Exploitation
An attacker with existing access to a system running an affected version of PowerShell can trigger the vulnerable code path by causing .NET to omit the profile folder paths during module loading [2]. No additional authentication or user interaction is required beyond the ability to execute PowerShell code.
Impact
Successful exploitation allows the attacker to elevate their privileges, potentially gaining SYSTEM-level access or another higher-integrity context [2]. This can lead to full compromise of the affected system.
Mitigation
Update PowerShell 7 to version 7.0.10, 7.1.7, or 7.2.3 respectively [2]. No official workaround has been published. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.PowerShell.SDKNuGet | >= 7.0.0-preview.1, < 7.0.10 | 7.0.10 |
Microsoft.PowerShell.SDKNuGet | >= 7.1.0-preview.1, < 7.1.7 | 7.1.7 |
Microsoft.PowerShell.SDKNuGet | >= 7.2.0-preview.1, < 7.2.3 | 7.2.3 |
Affected products
26- osv-coords2 versions
>= 7.0.0, < 7.0.10+ 1 more
- (no CPE)range: >= 7.0.0, < 7.0.10
- (no CPE)range: >= 7.0.0-preview.1, < 7.0.10
- Microsoft/PowerShell 7.0v5Range: 7.0.0
- Microsoft/PowerShell 7.1v5Range: 7.1.0
- Microsoft/PowerShell 7.2v5Range: 7.2.0
- Microsoft/Windows 10 Version 1507v5Range: 10.0.10240.0
- Microsoft/Windows 10 Version 1607v5Range: 10.0.14393.0
- Microsoft/Windows 10 Version 1809v5Range: 10.0.0
- Microsoft/Windows 10 Version 1909v5Range: 10.0.0
- Microsoft/Windows 10 Version 20H2v5Range: 10.0.0
- Microsoft/Windows 10 Version 21H1v5Range: 10.0.0
- Microsoft/Windows 10 Version 21H2v5Range: 10.0.19043.0
- Microsoft/Windows 11 version 21H2v5Range: 10.0.0
- Microsoft/Windows 8.1v5Range: 6.3.0
- Microsoft/Windows Server 2008 R2 Service Pack 1v5Range: 6.1.7601.0
- Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)v5Range: 6.1.7601.0
- Microsoft/Windows Server 2012v5Range: 6.2.9200.0
- Microsoft/Windows Server 2012 R2v5Range: 6.3.9600.0
- Microsoft/Windows Server 2012 R2 (Server Core installation)v5Range: 6.3.9600.0
- Microsoft/Windows Server 2012 (Server Core installation)v5Range: 6.2.9200.0
- Microsoft/Windows Server 2016v5Range: 10.0.14393.0
- Microsoft/Windows Server 2016 (Server Core installation)v5Range: 10.0.14393.0
- Microsoft/Windows Server 2019v5Range: 10.0.17763.0
- Microsoft/Windows Server 2019 (Server Core installation)v5Range: 10.0.17763.0
- Microsoft/Windows Server 2022v5Range: 10.0.20348.0
- Microsoft/Windows Server version 20H2v5Range: 10.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-q7x5-x7rr-2859ghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26788ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-26788ghsaADVISORY
- github.com/PowerShell/Announcements/issues/31ghsaWEB
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26788ghsaWEB
News mentions
0No linked articles in our index yet.