CVE-2026-26143: Microsoft PowerShell Security Feature Bypass Vulnerability

Overview

Severity
High (CVSS 7.8)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Security Feature Bypass
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Apr
Released
2026-04-14

Description

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to send the victim a malicious file that the victim would have to execute.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Exploiting this vulnerability bypasses dynamic-expression security checks, which may lead to arbitrary code execution when the -SkipLimitCheck switch is used with Import-PowerShellDataFile. If you do not use the -SkipLimitCheck switch, you are not affected.

Is the Windows native version of PowerShell affected by this vulnerability?
No. This vulnerability was introduced after PowerShell was forked from Windows PowerShell, so the inbox version is not affected. The current Store app addresses the vulnerability.
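Because the FAQ narrows exposure to call sites that pass -SkipLimitCheck to Import-PowerShellDataFile, the practical first step is to find those call sites in your own scripts and modules. The following is an added example written for this page, not code from the advisory or from the PowerShell project. It uses the PowerShell parser's AST (System.Management.Automation.Language.Parser) rather than a regex, so casing, line continuations and abbreviated switch names are handled by the parser itself; splatted argument hashtables cannot be resolved statically, so those calls are flagged for manual review. The function name Find-SkipLimitCheckUsage and the sample script content are constructed for illustration.

```powershell
# Added example (not from the advisory): locate Import-PowerShellDataFile call sites that
# pass -SkipLimitCheck, which per the FAQ are the only configuration exposed to CVE-2026-26143.
using namespace System.Management.Automation.Language

function Find-SkipLimitCheckUsage {
    [CmdletBinding()]
    param(
        # Paths to .ps1 / .psm1 files to scan. (Hypothetical helper name, for illustration.)
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($file in $Path) {
            $tokens = $null
            $errors = $null
            $ast = [Parser]::ParseFile($file, [ref]$tokens, [ref]$errors)
            if ($errors) {
                Write-Warning "$file : $($errors.Count) parse error(s); results may be incomplete"
            }

            # Every command invocation whose resolved name is Import-PowerShellDataFile.
            $calls = $ast.FindAll({
                param($node)
                $node -is [CommandAst] -and
                $node.GetCommandName() -ieq 'Import-PowerShellDataFile'
            }, $true)

            foreach ($call in $calls) {
                # Explicit switch, including abbreviated forms such as -SkipLimit.
                $explicit = $call.CommandElements | Where-Object {
                    $_ -is [CommandParameterAst] -and
                    'SkipLimitCheck'.StartsWith($_.ParameterName, [System.StringComparison]::OrdinalIgnoreCase)
                }
                # A splatted hashtable (@params) may carry SkipLimitCheck = $true; cannot be
                # resolved statically, so flag it for a human to check.
                $splatted = $call.CommandElements | Where-Object {
                    $_ -is [VariableExpressionAst] -and $_.Splatted
                }

                if ($explicit -or $splatted) {
                    [pscustomobject]@{
                        File    = $file
                        Line    = $call.Extent.StartLineNumber
                        Finding = if ($explicit) { '-SkipLimitCheck passed explicitly' }
                                  else          { 'splatted arguments; review manually' }
                        Text    = $call.Extent.Text
                    }
                }
            }
        }
    }
}

# Constructed sample input (not a real repository): one affected call, one splatted call
# that needs review, and one call without the switch, which the FAQ says is not affected.
$sample = @'
$cfg  = Import-PowerShellDataFile -Path .\large.psd1 -SkipLimitCheck
$p    = @{ Path = '.\other.psd1'; SkipLimitCheck = $true }
$cfg2 = Import-PowerShellDataFile @p
$safe = Import-PowerShellDataFile -Path .\settings.psd1
'@

$tmp = Join-Path ([IO.Path]::GetTempPath()) 'skiplimit-sample.ps1'
Set-Content -Path $tmp -Value $sample
try {
    # Expect two findings: line 1 (explicit switch) and line 3 (splatted arguments).
    Find-SkipLimitCheckUsage -Path $tmp | Format-Table -AutoSize
}
finally {
    Remove-Item $tmp -ErrorAction SilentlyContinue
}
```

Run it over a real tree with something like `Get-ChildItem -Recurse -Include *.ps1,*.psm1 | Select-Object -ExpandProperty FullName | Find-SkipLimitCheckUsage`. The scanner only finds where the switch is used; remediation is either to update PowerShell 7.4/7.5 to a build that carries the fix, or, where the data file does not genuinely need the limit relaxed, to drop -SkipLimitCheck so the call falls outside the affected configuration described in the FAQ.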

Affected Products (2)

Developer Tools

  • PowerShell 7.5
  • PowerShell 7.4

Security Updates (1)

Acknowledgments

surfingoldelephant (https://github.com/surfingoldelephant)

Revision History

  • 2026-04-14: Information published.