Path traversal in Windows and Windows Server - CVE-2026-40400
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to path traversal in Windows PowerShell when processing a crafted link path over the network. A remote attacker can cause an authenticated client to click a crafted link to execute arbitrary code.
User interaction is required, and exploitation depends on an authenticated client clicking a link.