Jun 2026: Microsoft PowerToys Elevation of Privilege Vulnerability
CVE-2026-42902 Published on June 9, 2026

Microsoft PowerToys Elevation of Privilege Vulnerability
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-42902 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2026-42902

Want to know whenever a new CVE is published for Microsoft Power Toys? stack.watch will email you.

Microsoft Power Toys

Affected Versions

Microsoft PowerToys:

Version 0.1 and below v0.99.1 is affected.

Jun 2026: Microsoft PowerToys Elevation of Privilege VulnerabilityCVE-2026-42902 Published on June 9, 2026

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-42902

Affected Versions

Jun 2026: Microsoft PowerToys Elevation of Privilege Vulnerability
CVE-2026-42902 Published on June 9, 2026