High severity7.8NVD Advisory· Published Apr 14, 2026· Updated Apr 27, 2026
CVE-2026-26143
CVE-2026-26143
Description
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143nvdVendor Advisory
News mentions
24- What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack SurfaceThe Hacker News · May 15, 2026
- The time of much patching is comingCisco Talos Intelligence · May 14, 2026
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain CompromiseRapid7 Blog · May 13, 2026
- State-sponsored actors, better known as the friends you don’t wantCisco Talos Intelligence · May 12, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As CodeRapid7 Blog · May 8, 2026
- Muddying the Tracks: The State-Sponsored Shadow Behind Chaos RansomwareRapid7 Blog · May 6, 2026
- Attackers adopt JavaScript runtime Bun to spread NWHStealerMalwarebytes Labs · May 6, 2026
- UAT-8302 and its box full of malwareCisco Talos Intelligence · May 5, 2026
- CloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos Intelligence · May 5, 2026
- VECT: Ransomware by design, Wiper by accidentCheck Point Research · Apr 28, 2026
- Hypersonic Supply Chain Attacks: One Solution That Didn’t Need to Know the PayloadSentinelOne Labs · Apr 22, 2026
- IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persistCisco Talos Intelligence · Apr 22, 2026
- Kyber Ransomware Double Trouble: Windows and ESXi Attacks ExplainedRapid7 Blog · Apr 21, 2026
- DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the ProxyCheck Point Research · Apr 20, 2026
- Metasploit Wrap-Up 04/17/2026Rapid7 Blog · Apr 17, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 16SentinelOne Labs · Apr 17, 2026
- ClickFix Phishing Campaign Masquerading as a Claude InstallerRapid7 Blog · Apr 16, 2026
- PowMix botnet targets Czech workforceCisco Talos Intelligence · Apr 16, 2026
- The n8n n8mare: How threat actors are misusing AI workflow automationCisco Talos Intelligence · Apr 15, 2026
- Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber AttackSentinelOne Labs · Apr 14, 2026
- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 14SentinelOne Labs · Apr 3, 2026
- “Handala Hack” – Unveiling Group’s Modus OperandiCheck Point Research · Mar 12, 2026