CVE-2026-26147— Azure Stack HCI Information Disclosure Vulnerability
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-26147
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Azure Stack HCI Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Azure Stack HCI | - | - |
II. Public POCs for CVE-2026-26147
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
default-local-qwen3.6 · 15511 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-26147
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-26147 (1)
Same Patch Batch · Microsoft · 2026-05-22 · 13 CVEs total
| CVE-2026-42901 | 10.0 CRITICAL | Microsoft Entra ID Elevation of Privilege Vulnerability |
| CVE-2026-41104 | 10.0 CRITICAL | Microsoft Planetary Computer Pro Information Disclosure Vulnerability |
| CVE-2026-47280 | 10.0 CRITICAL | Azure Resource Manager Elevation of Privilege Vulnerability |
| CVE-2026-23652 | 10.0 CRITICAL | Microsoft Power Pages Remote Code Execution Vulnerability |
| CVE-2026-40412 | 10.0 CRITICAL | Azure Orbital Spatio Remote Code Execution Vulnerability |
| CVE-2026-40411 | 9.9 CRITICAL | Azure Virtual Network Gateway Remote Code Execution Vulnerability |
| CVE-2026-41090 | 9.3 CRITICAL | Microsoft Copilot Tampering Vulnerability |
| CVE-2026-33843 | 9.1 CRITICAL | Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability |
| CVE-2026-45659 | 8.8 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2026-35430 | 8.8 HIGH | Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability |
| CVE-2026-23663 | 7.5 HIGH | Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability |
| CVE-2026-42827 | 6.5 MEDIUM | M365 Copilot Information Disclosure Vulnerability |
IV. Related Vulnerabilities
Same vendor: Microsoft
- CVE-2026-42901
Microsoft Entra ID Elevation of Privilege Vulnerability - CVE-2026-23663
Microsoft Global Secure Access (GSA) Information Disclosure - CVE-2026-41104
Microsoft Planetary Computer Pro Information Disclosure Vuln - CVE-2026-45659
Microsoft SharePoint Remote Code Execution Vulnerability - CVE-2026-33843
Microsoft Azure Active Directory B2C Elevation of Privilege
Same weakness: CWE-20
- CVE-2026-40411
Azure Virtual Network Gateway Remote Code Execution Vulnerab - CVE-2026-3294
Authentication Logic Vulnerability on Multiple TP-Link Range - CVE-2026-34207
TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames i - CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS - CVE-2026-34910
UniFi OS设备命令注入漏洞
V. Comments for CVE-2026-26147
No comments yet