CVE-2026-26147

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

CVE-2026-26147

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

EUVD-2026-31516

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

CVE-2026-26147

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

PT-2026-42840

Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description Improper input validation allows an authorized attacker to disclose information over a network. Recommendations At the moment, there is no information about a newer version that...

CVE-2026-23651

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVE-2026-26122

Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

CVE-2026-26124

'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

EUVD-2026-9886

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVE-2026-23651

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVE-2026-23651

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

PT-2026-23570

Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description A permissive regular expression within Azure Compute Gallery can allow an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no informati...

Microsoft Azure Compute Gallery 安全漏洞

Microsoft Azure Compute Gallery is a service provided by Microsoft in the United States that manages virtual machines. There is a security vulnerability in Azure Compute Gallery, which stems from overly lax regular expressions, potentially allowing authorized attackers to gain local privileges...

CVE-2026-21522

Improper neutralization of special elements used in a command 'command injection' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVE-2026-23655

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/common to version 2.12 or higher. References ...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/skr to version 2.12 or higher. References -...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/cmd/azmount/filemanager to version 2.12 or higher...