CVE Catalog
CVE-2026-42902
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk0.06%
18th percentile - higher than 18% of all known CVEs
Summary
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
Risk Assessment
An attacker with appropriate permissions can gain access to higher privilege levels, potentially leading to serious security breaches.
Recommendation
It is recommended to monitor user permissions and update Microsoft PowerToys to the latest version to minimize risk.
Original NVD description (English source)
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

