Vulnerability Details CVE-2026-23656
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.0%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2026-23656
-
cpe:2.3:a:microsoft:windows_app:-
-
cpe:2.3:a:microsoft:windows_app:1.3.204.0
-
cpe:2.3:a:microsoft:windows_app:1.3.205.0
-
cpe:2.3:a:microsoft:windows_app:1.3.212.0
-
cpe:2.3:a:microsoft:windows_app:1.3.233.0
-
cpe:2.3:a:microsoft:windows_app:1.3.241.0
-
cpe:2.3:a:microsoft:windows_app:1.3.252.0
-
cpe:2.3:a:microsoft:windows_app:1.3.259.0
-
cpe:2.3:a:microsoft:windows_app:1.3.264.0
-
cpe:2.3:a:microsoft:windows_app:1.3.272.0
-
cpe:2.3:a:microsoft:windows_app:1.3.278.0
-
cpe:2.3:a:microsoft:windows_app:2.0.285.0
-
cpe:2.3:a:microsoft:windows_app:2.0.294.0
-
cpe:2.3:a:microsoft:windows_app:2.0.297.0
-
cpe:2.3:a:microsoft:windows_app:2.0.327.0
-
cpe:2.3:a:microsoft:windows_app:2.0.328.0
-
cpe:2.3:a:microsoft:windows_app:2.0.352.0
-
cpe:2.3:a:microsoft:windows_app:2.0.360.0
-
cpe:2.3:a:microsoft:windows_app:2.0.365.0
-
cpe:2.3:a:microsoft:windows_app:2.0.366.0
-
cpe:2.3:a:microsoft:windows_app:2.0.379.0
-
cpe:2.3:a:microsoft:windows_app:2.0.419.0
-
cpe:2.3:a:microsoft:windows_app:2.0.420.0
-
cpe:2.3:a:microsoft:windows_app:2.0.503.0
-
cpe:2.3:a:microsoft:windows_app:2.0.505.0
-
cpe:2.3:a:microsoft:windows_app:2.0.559.0
-
cpe:2.3:a:microsoft:windows_app:2.0.706.0