Azure Compute Gallery
by Microsoft
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26147 | Hig | 0.50 | 7.7 | 0.01 | May 22, 2026 | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||
| CVE-2026-26122 | 0.00 | — | 0.01 | Mar 5, 2026 | Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-26124 | 0.00 | — | 0.00 | Mar 5, 2026 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23651 | 0.00 | — | 0.01 | Mar 5, 2026 | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21522 | 0.00 | — | 0.00 | Feb 10, 2026 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23655 | 0.00 | — | 0.01 | Feb 10, 2026 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | |||
| CVE-2025-59503 | 0.00 | — | 0.01 | Oct 23, 2025 | Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-59292 | 0.00 | — | 0.00 | Oct 14, 2025 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59291 | 0.00 | — | 0.00 | Oct 14, 2025 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | |||
| CVE-2024-21424 | 0.00 | — | 0.02 | Apr 9, 2024 | Azure Compute Gallery Elevation of Privilege Vulnerability |
- risk 0.50cvss 7.7epss 0.01
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
- CVE-2026-26122Mar 5, 2026risk 0.00cvss —epss 0.01
Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
- CVE-2026-26124Mar 5, 2026risk 0.00cvss —epss 0.00
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
- CVE-2026-23651Mar 5, 2026risk 0.00cvss —epss 0.01
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
- CVE-2026-21522Feb 10, 2026risk 0.00cvss —epss 0.00
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
- CVE-2026-23655Feb 10, 2026risk 0.00cvss —epss 0.01
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
- CVE-2025-59503Oct 23, 2025risk 0.00cvss —epss 0.01
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-59292Oct 14, 2025risk 0.00cvss —epss 0.00
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
- CVE-2025-59291Oct 14, 2025risk 0.00cvss —epss 0.00
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
- CVE-2024-21424Apr 9, 2024risk 0.00cvss —epss 0.02
Azure Compute Gallery Elevation of Privilege Vulnerability