CVE-2026-40400
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-40400, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_powershell *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-40400 is a relative path traversal vulnerability in Windows PowerShell. This flaw allows an authorized attacker to execute arbitrary code over a network by exploiting improper handling of file paths.

The vulnerability is classified as a remote code execution (RCE) issue, meaning an attacker could run malicious code on a target system without direct physical access.

  • The attacker must be authorized (have certain privileges) to exploit this vulnerability.
  • The CVSS v3.1 base score is 8.0, indicating a high severity level.
Impact Analysis

If exploited, this vulnerability could have severe consequences for affected systems and users.

  • An attacker could execute arbitrary code on your system, potentially gaining full control over it.
  • This could lead to data theft, unauthorized access to sensitive information, or installation of malware.
  • Since the attack can be carried out over a network, the attacker does not need physical access to the target machine.

However, the attacker must already have some level of authorization on the system to exploit this vulnerability.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the relative path traversal vulnerability in Windows PowerShell (CVE-2026-40400). Detection may require monitoring PowerShell execution logs, network traffic, or using security tools to identify unusual path traversal patterns.

For general detection of suspicious PowerShell activity, you can check event logs using commands like:

  • Get-WinEvent -LogName 'Windows PowerShell' | Where-Object { $_.Message -like '*..*' } to search for path traversal patterns in logs.
  • Review network traffic for unexpected PowerShell remote execution attempts using tools like Windows Event Forwarding or SIEM solutions.

For precise detection, refer to Microsoft's official guidance or security advisories.

Mitigation Strategies

The provided context does not include specific mitigation steps for CVE-2026-40400. However, general immediate steps to mitigate relative path traversal vulnerabilities in Windows PowerShell may include:

  • Apply the latest security updates from Microsoft as soon as they are available. Check the Microsoft Update Guide for patches related to this CVE.
  • Restrict PowerShell execution policies to 'Restricted' or 'AllSigned' mode to limit unauthorized script execution.
  • Monitor and audit PowerShell usage, especially for remote execution or scripts containing path traversal patterns (e.g., '..').
  • Disable or restrict remote PowerShell access if not required for business operations.
  • Use application control solutions like Windows Defender Application Control (WDAC) to block unauthorized PowerShell scripts.

For official mitigation steps, refer to Microsoft's security advisory for CVE-2026-40400.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40400. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart