Name: Power Shell
Author: Microsoft

Power Shell — Known Vulnerabilities

25 vulnerabilities mapped against this product across all versions. Grouped by the release each fix landed in — newest tracked release v7.6.2.0.

Fixed in v7.x 24

CVE-2024-0057 Fixed in 7.3.11 CVSS 9.8 · Critical NVD ↗ Jan 9, 2024

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVE-2022-41076 Affects 7.2–7.3 CVSS 8.5 · High NVD ↗ Dec 13, 2022

PowerShell Remote Code Execution Vulnerability

CVE-2026-26143 Fixed in 7.5.5 CVSS 7.8 · High NVD ↗ Apr 14, 2026

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

CVE-2022-41121 Affects 7.2–7.3 CVSS 7.8 · High NVD ↗ Dec 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-26788 Fixed in 7.2.3 CVSS 7.8 · High NVD ↗ Apr 15, 2022

PowerShell Elevation of Privilege Vulnerability

CVE-2026-26171 Fixed in 7.6.1 CVSS 7.5 · High NVD ↗ Apr 14, 2026

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

CVE-2025-30399 Fixed in 7.5.2 CVSS 7.5 · High NVD ↗ Jun 13, 2025

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-21171 Affects 7.5–7.5 CVSS 7.5 · High NVD ↗ Jan 14, 2025

.NET Remote Code Execution Vulnerability

CVE-2024-26190 Fixed in 7.4.2 CVSS 7.5 · High NVD ↗ Mar 12, 2024

Microsoft QUIC Denial of Service Vulnerability

CVE-2024-21392 Fixed in 7.3.12 CVSS 7.5 · High NVD ↗ Mar 12, 2024

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-21538 Affects 7.2–7.2 CVSS 7.5 · High NVD ↗ Jan 10, 2023

.NET Denial of Service Vulnerability

CVE-2022-23267 Fixed in 7.2.4 CVSS 7.5 · High NVD ↗ May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability

CVE-2020-1108 Affects 7.0–7.0 CVSS 7.5 · High NVD ↗ May 21, 2020

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

CVE-2025-25004 Fixed in 7.5.4 CVSS 7.3 · High NVD ↗ Oct 14, 2025

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2024-21409 Fixed in 7.4.2 CVSS 7.3 · High NVD ↗ Apr 9, 2024

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2025-49734 Fixed in 7.5.3 CVSS 7.0 · High NVD ↗ Sep 9, 2025

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2020-0951 Fixed in 7.1.5 CVSS 6.7 · Medium NVD ↗ Sep 11, 2020

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.…

CVE-2023-36013 Fixed in 7.3.10 CVSS 6.5 · Medium NVD ↗ Nov 20, 2023

PowerShell Information Disclosure Vulnerability

CVE-2020-8927 Fixed in 7.2.2 CVSS 6.5 · Medium NVD ↗ Sep 15, 2020

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of…

CVE-2024-30045 Fixed in 7.4.3 CVSS 6.3 · Medium NVD ↗ May 14, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2022-24512 Fixed in 7.2.2 CVSS 6.3 · Medium NVD ↗ Mar 9, 2022

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2022-34716 Fixed in 7.2.6 CVSS 5.9 · Medium NVD ↗ Aug 9, 2022

.NET Spoofing Vulnerability

CVE-2021-41355 Fixed in 7.1.5 CVSS 5.7 · Medium NVD ↗ Oct 13, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-43896 Fixed in 7.2.1 CVSS 5.5 · Medium NVD ↗ Dec 15, 2021

Microsoft PowerShell Spoofing Vulnerability

Fixed in v1.x 1

CVE-2018-8327 Fixed in 1.7.0 CVSS 9.8 · Critical NVD ↗ Jul 11, 2018

A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.

Source: NVD · CISA KEV · data as of Jun 8, 2026

Power Shell — Known Vulnerabilities

Explore

Account