Windows App Installer Fails to Verify Data Authenticity, Enabling Spoofing

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.9

Windows App Installer Fails to Verify Data Authenticity, Enabling Spoofing

CVE-2026-23656

Summary

The Windows App Installer does not properly verify the authenticity of data, allowing an attacker on the same network to impersonate a trusted source and trick users into installing malicious apps. This could lead to the installation of fake or malicious software. To protect your users, ensure that they only install apps from trusted sources and keep their software up to date with the latest security patches.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	windows_app	<= 2.0.964.0	–

Original title

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

Original description

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

nvd CVSS3.1 5.9

Vulnerability type

CWE-345

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23656

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026