Improper Control of Generation of Code ('Code Injection') in Azure CLI
Description
Azure CLI versions before 2.40.0 on Windows PowerShell allow code injection via parameter values containing & or | symbols.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Details
Azure CLI prior to version 2.40.0 contains a code injection vulnerability caused by improper handling of command-line argument values when az is executed on Windows from PowerShell [1]. On Windows the Azure CLI entry script is run by cmd.exe, and PowerShell strips the quotation marks from the arguments it hands to that script, so a & or | inside a parameter value reaches cmd.exe as command syntax rather than as data [3].
Exploitation
The vulnerability is triggered when an external source supplies a parameter value containing the & or | symbols and the CLI command is run on a Windows machine under PowerShell. For example, a web application that builds Azure CLI commands from user-supplied values could unintentionally execute operating-system commands chosen by the user [3]. The attacker needs no privileges on the host; it is enough that the host runs az with a value the attacker controls, and the injected commands run with the privileges of the account that invoked az.
Impact
Successful exploitation allows an attacker to run arbitrary commands on the host with the privileges of the account running az, potentially leading to compromise of that machine, data exfiltration, or, through the credentials and tokens available to that account, further lateral movement within the Azure environment.
Mitigation
Users should upgrade to Azure CLI version 2.40.0 or later, which addresses this issue [1]. No workarounds are provided for affected versions.
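The only mitigation the advisory offers is upgrading, so the first practical step is to find out which azure-cli version a host actually runs. The following is an added example, not code from the advisory or the Azure CLI project: it parses the JSON that `az version --output json` prints and reports whether the install falls in the affected range. The sample output is constructed for the example, and all function names are this example's own.

```python
"""Added example (not Azure CLI project code): decide whether an installed
Azure CLI is in the affected range (< 2.40.0) from the JSON that
`az version --output json` prints."""
import json
import shutil
import subprocess

FIXED_VERSION = (2, 40, 0)  # first release the advisory lists as patched

# Constructed sample of `az version --output json` output from a pre-fix install.
SAMPLE_AZ_VERSION_JSON = """{
  "azure-cli": "2.39.0",
  "azure-cli-core": "2.39.0",
  "azure-cli-telemetry": "1.0.6",
  "extensions": {}
}"""


def parse_version(text):
    """'2.39.0' -> (2, 39, 0). Any non-numeric suffix on a component is
    dropped so the comparison stays purely numeric; missing components
    are padded with zeros."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def cli_version_from_json(output):
    """Extract the azure-cli version tuple from `az version` JSON output."""
    data = json.loads(output)
    return parse_version(data["azure-cli"])


def is_affected(version):
    """True for any azure-cli release before 2.40.0."""
    return version < FIXED_VERSION


def check_installed_cli():
    """Run the real `az version` on this host and report. Uses shutil.which
    so that on Windows the az.cmd wrapper is found via PATHEXT; returns
    None if az is not installed."""
    az = shutil.which("az")
    if az is None:
        return None
    out = subprocess.run([az, "version", "--output", "json"],
                         capture_output=True, text=True, check=True).stdout
    return is_affected(cli_version_from_json(out))


if __name__ == "__main__":
    v = cli_version_from_json(SAMPLE_AZ_VERSION_JSON)
    print(f"sample install reports {v}: affected={is_affected(v)}")
    live = check_installed_cli()
    print("no az on PATH" if live is None else f"this host affected={live}")
```

`check_installed_cli` only says something useful on a host that has az installed; the parsing and comparison can be exercised offline with the constructed sample.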
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| azure-cli (PyPI) | < 2.40.0 | 2.40.0 |
Affected products
3 OSV coordinates, 2 version ranges:
- (no CPE) range: < 2.40.0
- (no CPE) range: < 2.40.0
- Azure/azure-cli range: < 2.40.0
Patches
1023a11c0c775: Merge branch 'release' into dev
2 files changed · +4 −2
src/azure-cli/azure/cli/command_modules/eventgrid/custom.py+2 −1 modified@@ -2130,6 +2130,7 @@ def update_event_subscription( storage_queue_msg_ttl=None, enable_advanced_filtering_on_arrays=None, delivery_attribute_mapping=None): + return _update_event_subscription_internal( instance=instance, endpoint=endpoint, @@ -2177,7 +2178,7 @@ def _update_event_subscription_internal( # pylint: disable=too-many-locals,too- _validate_deadletter_identity_args( deadletter_identity, - deadletter_endpoint) + deadletter_identity_endpoint) if (endpoint_type is not None and endpoint_type.lower() != WEBHOOK_DESTINATION.lower() and
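Review bot: the substantive change is the second hunk, where `_validate_deadletter_identity_args(deadletter_identity, deadletter_endpoint)` in `_update_event_subscription_internal` becomes `_validate_deadletter_identity_args(deadletter_identity, deadletter_identity_endpoint)`; from the visible lines it is impossible to tell whether `deadletter_endpoint` was an undefined name (a NameError on every update that sets a dead-letter identity) or a different in-scope parameter that silently validated the wrong endpoint, so the commit message should say which, and a regression test calling `update_event_subscription` with a dead-letter identity endpoint should accompany it. Nothing in either hunk touches argument handling on Windows: the `&`/`|` injection that this advisory says is fixed in 2.40.0 is not addressed here, so this commit should not be cited as the fix for the CVE. The blank line added after the `update_event_subscription` signature in the first hunk is whitespace only.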
Vulnerability mechanics
Root cause
"Missing input sanitization of parameter values containing shell metacharacters (`&` or `|`) allows code injection when Azure CLI commands are executed on Windows with PowerShell."
Attack vector
An attacker supplies a parameter value containing the `&` or `|` characters to an Azure CLI command run on a Windows machine from PowerShell. Because the CLI does not sanitize these shell metacharacters, and PowerShell strips the quotation marks from the arguments it passes to the az entry script, cmd.exe receives the value unquoted and interprets `&` and `|` as command separators or pipes, allowing the attacker to inject arbitrary commands. The vulnerability is only exploitable when all three conditions are met: Windows OS, PowerShell as the invoking shell, and a parameter value containing `&` or `|`. The advisory does not specify a particular Azure CLI command or parameter as the entry point, but the patch touches the Event Grid module's `_update_event_subscription_internal` function [patch_id=1641313].
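The Exploitation section above and this attack vector describe the same hop: a caller passes a value to az, the quotes are lost between PowerShell and cmd.exe, and any `&` or `|` becomes a command boundary. The following is an added example, not code from the advisory or the Azure CLI project, showing both sides of that for the web-application scenario: a simplified model of how cmd.exe splits the flattened argument list, and a guard a caller can apply before handing an external value to az. The `commands_seen_by_cmd` model, the allowlist pattern, and the `az group show` wrapper are this example's own assumptions; the hostile inputs are constructed.

```python
"""Added example (not Azure CLI project code): what cmd.exe runs when the az
wrapper receives an unquoted value containing & or |, and how a caller that
forwards external values to az can refuse them."""
import re

# Simplified model of cmd.exe's command separators. Real cmd.exe also honours
# ^ escapes, parentheses and redirection operators; this is enough to show
# where a value turns into a second command. (Assumption: quotes are already
# gone, as the advisory describes for the PowerShell -> cmd.exe hop.)
_CMD_SEPARATORS = re.compile(r"\s*(?:&&|\|\||&|\|)\s*")


def commands_seen_by_cmd(az_args):
    """Model what cmd.exe executes for the argument list `az_args` once the
    quotation marks have been stripped: the list collapses to one flat
    command line and every & or | becomes a command boundary. Returns the
    separate commands cmd.exe would run, in order."""
    flat = " ".join(az_args)  # with the quotes gone, a plain join models it
    return [c for c in _CMD_SEPARATORS.split(flat) if c]


# Illustrative allowlist for a resource-name style value (assumption: real
# Azure naming rules differ per resource type; tighten this to the resource
# being named). The leading character must be alphanumeric so a value cannot
# smuggle in an extra option such as --debug either.
_SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def is_safe_az_value(value):
    """True if `value` contains nothing cmd.exe could treat as syntax."""
    return _SAFE_VALUE.fullmatch(value) is not None


def build_group_show_args(group_name):
    """Return argv for `az group show` for a caller that receives
    `group_name` from an untrusted source such as a web form. The value is
    rejected rather than quoted, because quoting does not survive the
    PowerShell -> cmd.exe hop on affected versions."""
    if not is_safe_az_value(group_name):
        raise ValueError(f"refusing to pass unsafe value to az: {group_name!r}")
    return ["az", "group", "show", "--name", group_name, "--output", "json"]


if __name__ == "__main__":
    # Constructed attacker input: a plausible name followed by an injected command.
    hostile = "prod-rg & whoami > C:\\Temp\\pwned.txt"
    for cmd in commands_seen_by_cmd(["az", "group", "show", "--name", hostile]):
        print("cmd.exe would run:", cmd)
    try:
        build_group_show_args(hostile)
    except ValueError as e:
        print("blocked:", e)
    print(build_group_show_args("prod-rg"))
```

The same split also breaks legitimate values: a JMESPath `--query` such as `[?name=='x'] | sort(@)` carries a `|` that cmd.exe would treat as a pipe, which is why the advisory's precondition is simply "a value containing & or |" and not a specific command.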
Affected code
The advisory does not identify a specific vulnerable function or file path for the code injection. The patch [patch_id=1641313] modifies `src/azure-cli/azure/cli/command_modules/eventgrid/custom.py`, correcting a parameter name in `_update_event_subscription_internal`. However, the advisory describes a general input-sanitization gap affecting Azure CLI commands on Windows with PowerShell, not limited to the Event Grid module.
What the fix does
The patch [patch_id=1641313] corrects a parameter name in `_update_event_subscription_internal` from `deadletter_endpoint` to `deadletter_identity_endpoint`. While this specific diff fixes a variable name mismatch, the advisory states that the overall mitigation for the code injection vulnerability is to upgrade to Azure CLI version 2.40.0 or greater. The advisory does not provide a detailed code-level fix for the shell metacharacter injection; the referenced patch addresses a related but distinct bug in the Event Grid module.
Preconditions
- os: The host machine must be running Windows.
- config: The shell must be PowerShell (any version).
- input: The Azure CLI command parameter value must contain the `&` or `|` characters.
Generated on May 23, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] github.com/advisories/GHSA-47xc-9rr2-q7p4 (ADVISORY)
[2] nvd.nist.gov/vuln/detail/CVE-2022-39327 (ADVISORY)
[3] github.com/Azure/azure-cli/pull/23514 (WEB)
[4] github.com/Azure/azure-cli/pull/24015 (WEB)
[5] github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 (WEB)
[6] github.com/pypa/advisory-database/tree/main/vulns/azure-cli/PYSEC-2022-43177.yaml (WEB)
News mentions
No linked articles in our index yet.