Description
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
Published: 2026-05-22
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper input validation in the Azure Compute Gallery component allows an attacker with authorized credentials to retrieve sensitive information over the network. The flaw is a classic input validation error, classified as CWE-20, and the primary consequence is a confidentiality violation where data that should be protected can be exposed.

Affected Systems

Microsoft Azure Stack HCI deployments that include the Azure Compute Gallery service are affected. No specific product or version constraints were supplied, so any Azure Stack HCI installation using this component is potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.7 indicates a high severity risk. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting that, while the potential impact is significant, there is no current evidence of active exploitation in the wild. Attackers would likely need legitimate credentials to access the vulnerable API endpoints, meaning mitigation should focus on credential protection and network access controls.

Generated by OpenCVE AI on May 22, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft-published update or patch for Azure Stack HCI that addresses the Azure Compute Gallery input handling.
  • Restrict network access to Azure Compute Gallery APIs to only trusted internal networks or controllers, limiting exposure to the broader internet.
  • Implement logging and monitoring for unauthorized access attempts to the Azure Compute Gallery to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Fri, 22 May 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. |
| Title | | Azure Stack HCI Information Disclosure Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Stack Hci |
| Weaknesses | | CWE-20 |
| CPEs | | cpe:2.3:a:microsoft:azure_stack_hci:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft azure Stack Hci |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-22T22:03:09.750Z

Reserved: 2026-02-11T16:24:51.135Z

Link: CVE-2026-26147

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T00:00:05Z

Weaknesses