High severityOSV Advisory· Published Jan 13, 2026· Updated Apr 1, 2026
Azure Core shared client library for Python Remote Code Execution Vulnerability
CVE-2026-21226
Description
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
azure-corePyPI | < 1.38.0 | 1.38.0 |
Affected products
1- Range: azure-agrifood-farming_1.0.0b2, azure-ai-agents_1.0.0, azure-ai-agents_1.0.0b1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-jm66-cg57-jjv5ghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226ghsavendor-advisorypatchWEB
- nvd.nist.gov/vuln/detail/CVE-2026-21226ghsaADVISORY
- github.com/Azure/azure-sdk-for-python/blob/6d2e6431ea0991861640e449e51e894247a7771a/sdk/core/azure-core/CHANGELOG.mdghsaWEB
News mentions
0No linked articles in our index yet.