{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32184", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.426Z", "datePublished": "2026-04-14T16:57:33.267Z", "dateUpdated": "2026-05-12T17:38:29.760Z"}, "containers": {"cna": {"title": "Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "6.3.8355"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft HPC Pack 2019", "versions": [{"version": "1.0.0", "lessThan": "6.3.8355", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-502: Deserialization of Untrusted Data", "lang": "en-US", "type": "CWE", "cweId": "CWE-502"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:29.760Z"}, "references": [{"name": "Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32184"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:56:38.802Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32184", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T19:30:49.435525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:30:54.582Z"}}], "cna": {"title": "Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft HPC Pack 2019", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "6.3.8355", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184", "name": "Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.3.8355", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:29.760Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32184", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:29.760Z", "dateReserved": "2026-03-11T00:26:53.426Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:33.267Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:hpc_pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5A3FA6E-AF3D-44A0-ADDB-EBA1A2924F26", "versionEndExcluding": "6.3.8355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32184", "lastModified": "2026-05-06T18:12:55.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:21.777", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,6.3.8355)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "Microsoft HPC Pack 2019", "source": "cna", "vendor": "Microsoft"}, "product": "hpc_pack", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:02:03.272838+00:00", "value": {"mitigation_remediation": ["Check for and install the Microsoft HPC Pack 2019 update that addresses CVE-2026-32184.", "Verify that the update applies to all installations and test after deployment.", "Limit HPC Pack usage to trusted users and remove unnecessary system permissions to reduce the impact of any remaining issue."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft HPC Pack 2019 is the affected product, as identified by the CNA. No specific sub\u2011versions are listed, so all installations of 2019 are considered vulnerable.", "description_and_impact": "A flaw in deserializing untrusted data within Microsoft HPC Pack 2019 can be triggered by an authorized local user to gain elevated privileges. The vulnerability is tied to input validation failures, reflected in CWE\u2011502. If successful, the attacker may obtain higher system access, enabling further compromise. The impact is confined to the host where HPC Pack is installed.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high risk of potential damage. With no EPSS data available, the public exploitation likelihood is unknown, but the vulnerability is not marked in the KEV catalog. Since the flaw requires an authorized user and local access, the attack vector is likely local. An attacker who can submit arbitrary data to the deserialization process can elevate privileges and gain control over the affected system."}}}}, "created": "2026-04-15T15:00:06.180802+00:00", "updated": "2026-04-15T21:00:09.481503+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$hpc_pack"]}