Microsoft PowerShell 7.4.x < 7.4.14 / 7.5.x < 7.5.5 Security Feature Bypass (macOS)

Severity: High | Nessus Plugin ID 306453

Synopsis

The version of Microsoft PowerShell installed on the remote macOS host is affected by a security feature bypass vulnerability.

Description

The version of Microsoft PowerShell installed on the remote macOS host is 7.4.x prior to 7.4.14 or 7.5.x prior to 7.5.5. It is, therefore, affected by a security feature bypass vulnerability:

- Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. (CVE-2026-26143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Microsoft PowerShell version 7.4.14, 7.5.5, or later.

See Also

https://github.com/PowerShell/Announcements/issues/82

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143

Plugin Details

Severity: High

ID: 306453

File Name: macos_microsoft_powershell_CVE-2026-26143.nasl

Version: 1.1

Type: Local

Agent: macosx

Published: 4/14/2026

Updated: 4/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-26143

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:powershell

Required KB Items: Host/MacOSX/Version, installed_sw/PowerShell

Patch Publication Date: 4/14/2026

Vulnerability Publication Date: 4/14/2026

Reference Information

CVE: CVE-2026-26143