CVE Catalog

CVE-2026-42902

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

18th percentile - higher than 18% of all known CVEs

Summary

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Risk Assessment

An attacker with appropriate permissions can gain access to higher privilege levels, potentially leading to serious security breaches.

Recommendation

It is recommended to monitor user permissions and update Microsoft PowerToys to the latest version to minimize risk.

Original NVD description (English source)

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS