anonhaven
Ad

CVE-2026-26148

HIGH CVSS 3.1: 8.1 EPSS 0.06%
Updated Mar 13, 2026
Microsoft
Parameter Value
CVSS 8.1 (HIGH)
Affected Versions 1.0.0 — 1.0.033370002
Fixed In 1.0.033370002
Type CWE-454
Vendor Microsoft
Public PoC No

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-454

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Microsoft Azure_Ad_Ssh_Login_Extension_For_Linux
cpe:2.3:a:microsoft:azure_ad_ssh_login_extension_for_linux:*:*:*:*:*:*:*:*
 1.0.0 1.0.033370002

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148
secure@microsoft.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6318

Linux

8.8

CVE-2026-6317

Linux

8.8

CVE-2026-6316

Linux

8.8

CVE-2026-6314

Linux

8.3

CVE-2026-6313

Linux

3.1