High severity7.8NVD Advisory· Published Apr 14, 2026· Updated Apr 27, 2026
CVE-2026-26143
CVE-2026-26143
Description
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
Affected products
3cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*range: >=7.4,<7.4.14
- (no CPE)
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143nvdVendor Advisory
News mentions
1- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026