CVE-2026-26143 was published on April 14, 2026. It affects modern (Core-based) versions of PowerShell, specifically versions 7.4 and 7.5 prior to recent patches.
Before diving into the details, it’s important to understand that this vulnerability is not something that can be exploited under normal, secure usage.
This issue specifically requires the use of the -SkipLimitCheck parameter on the Import-PowerShellDataFile cmdlet. That parameter disables built-in safety checks and is typically only used in advanced or edge-case scenarios.
In other words, this vulnerability depends on unsafe behavior being introduced first.
This is a good reminder of a few core security practices:
- Do not run untrusted scripts or code from unknown sources
- Avoid bypassing built-in safety mechanisms unless absolutely necessary
- Follow the principle of least privilege when running scripts and automation
- Keep your PowerShell environment updated and standardized
If you are already following these practices, your exposure risk is significantly reduced—even before applying updates.
With that said, let’s look at how you can ensure you are fully protected against this vulnerability.
Who Is Affected?
This vulnerability applies to:
- PowerShell 7.x (.NET Core based versions)
- Specifically:
- 7.4 (prior to 7.4.14)
- 7.5 (prior to 7.5.5)
It does NOT affect:
- Windows PowerShell 5.1 (the version built into Windows)
Safe Versions
You are protected if you are running:
- 7.4.14 or newer
- 7.5.5 or newer
- 7.6.0 or newer
Anything older than that should be updated.
What About Older Versions?
If you’re running:
- PowerShell 6.0 – 7.3
These versions are out of support, which means:
- No security patches
- Unknown exposure level
- Not recommended for production use
The correct move here is not to “patch”; it’s to upgrade to one of the supported versions listed above.
How to Check Your Version
Open PowerShell by running pwsh from a command prompt or the Run dialog, then run the command:
$PSVersionTable
Look for:
Name                           Value
----                           -----
PSVersion                      7.6.0
That will tell you exactly where you stand.
Why This Matters More Than You Think
PowerShell 7 is often:
- Installed manually
- Deployed via scripts or package managers
- Bundled into developer environments
It may not be updating automatically.
Unlike Windows PowerShell 5.1, which is serviced through Windows Update, PowerShell 7 updates depend on how it was installed.
- MSI install → manual updates required
- winget / Chocolatey → may require explicit upgrade commands
- Microsoft Update integration → only applies if enabled
More details here:
https://learn.microsoft.com/en-us/powershell/scripting/install/microsoft-update-faq
How to Update
Option 1: winget
winget upgrade Microsoft.PowerShell
Option 2: Chocolatey
choco upgrade powershell-core
Option 3: Manual Install
Download the latest release from GitHub and install over the top.
https://github.com/powershell/powershell/releases
IT / Endpoint Management Perspective
If you are responsible for managing endpoint devices, this is where things get more interesting.
Key Risk Areas
- PowerShell 7 installed outside of standard imaging
- Developer machines with multiple versions side-by-side
- CI/CD agents or automation hosts
- Servers running scheduled scripts using older runtimes
Watch for Side-by-Side Installs
- Updating does not always remove old versions
- Non-standard installs may not be in PATH
- Search for all instances of pwsh.exe
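The side-by-side check above as a script, added here as an example and not taken from the original article: it searches the file system for pwsh.exe instead of relying on PATH and grades each copy against the fixed versions listed under Safe Versions. The function names and default search roots are assumptions, as is reading the release number from the file version resource of pwsh.exe.

```powershell
# Added example, not from the original article. Fixed versions come from the
# "Safe Versions" list; function names and default search roots are assumptions.
function Get-PwshPatchStatus {
    param([Parameter(Mandatory)][version]$Version)
    # First fixed release for each supported branch named in the article.
    $fixed  = @{ '7.4' = [version]'7.4.14'; '7.5' = [version]'7.5.5' }
    $branch = '{0}.{1}' -f $Version.Major, $Version.Minor
    if ($Version -ge [version]'7.6.0') { return 'Patched' }
    if ($fixed.ContainsKey($branch)) {
        if ($Version -ge $fixed[$branch]) { return 'Patched' }
        return "Vulnerable: update to $($fixed[$branch]) or newer"
    }
    if ($Version -ge [version]'6.0' -and $Version -lt [version]'7.4') {
        return 'Out of support: upgrade to a supported release'
    }
    return 'Unrecognized version: review manually'
}

function Find-PwshInstall {
    param(
        # Assumed starting points; add tool caches, agent work dirs, other drives.
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA)
    )
    $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        # File system search, because non-standard installs may not be in PATH.
        Get-ChildItem -LiteralPath $_ -Filter pwsh.exe -File -Recurse -Force -ErrorAction SilentlyContinue
    } | ForEach-Object {
        # Assumption: the file version resource carries the release number.
        $vi  = $_.VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        [pscustomobject]@{
            Path    = $_.FullName
            Version = $ver
            Product = $vi.ProductVersion   # raw product string for manual review
            Status  = Get-PwshPatchStatus -Version $ver
        }
    }
}

Find-PwshInstall | Sort-Object Version | Format-List
```

The script also runs from Windows PowerShell 5.1, so a host can be inventoried without launching any of the pwsh.exe copies being assessed.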
Bottom Line
- This vulnerability is real but manageable
- Most environments can remediate quickly with an update
- The biggest risk is lack of visibility, not complexity
If you verify your version, upgrade to a supported release and standardize across endpoints, you’ll be in a good place.