CVE-2026-23656
Received
Received - Intake
Spoofing Vulnerability in Windows App Installer Due to Insufficient Data Verification
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: Microsoft Corporation
Description
Description
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_app | to 2.0.964.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient verification of data authenticity in the Windows App Installer. Because of this weakness, an unauthorized attacker can perform spoofing attacks over a network.
How can this vulnerability impact me? :
The impact of this vulnerability is spoofing, which means an attacker could impersonate a trusted source or manipulate data during installation processes. This can lead to installing malicious software or misleading users, potentially compromising system integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70