CVE-2026-32184
Deserialization Vulnerability in Microsoft HPC Enables Local Privilege Escalation
Publication date: 2026-04-14
Last updated on: 2026-05-06
Assigner: Microsoft Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | hpc_pack | up to 6.3.8355 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the deserialization of untrusted data in the Microsoft High Performance Compute Pack (HPC). It allows an authorized attacker to elevate their privileges locally by exploiting the way the software processes serialized data.
How can this vulnerability impact me?
An attacker who already has some level of access to the system can exploit this vulnerability to gain higher privileges. This means they could perform actions or access data that would normally be restricted, potentially leading to significant security risks such as data compromise or system control.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security updates provided by Microsoft for the High Performance Compute Pack (HPC) as soon as they become available.
Ensure that only authorized users have local access to systems running the affected software to reduce the risk of privilege escalation.