{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21226", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-11T21:02:05.732Z", "datePublished": "2026-01-13T18:04:55.084Z", "dateUpdated": "2026-04-01T13:49:21.414Z"}, "containers": {"cna": {"title": "Azure Core shared client library for Python Remote Code Execution Vulnerability", "datePublic": "2026-01-13T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_core_shared_client_library_for_python:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.1.0", "versionEndExcluding": "1.38.0"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Core shared client library for Python", "versions": [{"version": "1.1.0", "lessThan": "1.38.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-502: Deserialization of Untrusted Data", "lang": "en-US", "type": "CWE", "cweId": "CWE-502"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:21.414Z"}, "references": [{"name": "Azure Core shared client library for Python Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T18:28:13.612748Z", "id": "CVE-2026-21226", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:28:47.587Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21226", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T18:28:13.612748Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:28:29.233Z"}}], "cna": {"title": "Azure Core shared client library for Python Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Core shared client library for Python", "versions": [{"status": "affected", "version": "1.1.0", "lessThan": "1.38.0", "versionType": "custom"}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226", "name": "Azure Core shared client library for Python Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_core_shared_client_library_for_python:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.38.0", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:21.414Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21226", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:49:21.414Z", "dateReserved": "2025-12-11T21:02:05.732Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-13T18:04:55.084Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_core_shared_client_library:*:*:*:*:*:python:*:*", "matchCriteriaId": "43DC5EFE-C77D-469D-8402-769897B0DC30", "versionEndExcluding": "1.38.0", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network."}], "id": "CVE-2026-21226", "lastModified": "2026-02-05T17:58:29.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-13T19:16:23.987", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T18:08:46.837217+00:00", "value": {"mitigation_remediation": ["Apply Microsoft\u2019s patch by upgrading the Azure Core shared client library for Python to the latest stable release.", "Remove or replace any legacy modules or custom wrappers that depend on older vulnerable versions of the library.", "Enforce strict input validation and restrict deserialization to trusted data only; avoid passing externally supplied data to the library.", "As a general best practice, review application code to ensure no untrusted serialized payloads reach this library, and consider isolating affected components behind network segmentation to limit exposure."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The Azure Core shared client library for Python, as identified under Microsoft\u2019s product records, is affected. All installations matching the generic package name azure_core_shared_client_library or the Python\u2011specific distribution azure_core_shared_client_library_for_python are potentially vulnerable; specific affected revisions are not listed in the record, so users should verify the library version in use and consider upgrading.", "description_and_impact": "This vulnerability arises from the deserialization of untrusted data in Microsoft\u2019s Azure Core shared client library for Python. An attacker who has authorized network access can craft a malicious payload that the library deserializes, leading to the execution of arbitrary code on the host where the library runs. The weakness is classified as CWE-502, indicating that untrusted input is processed without adequate validation.", "risk_and_exploitability": "The CVSS score of 7.5 marks this as a high\u2011severity issue, while the EPSS score of 2% indicates a modest likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires an attacker with authorized access to network traffic that can deliver the crafted payload to the library; it does not facilitate unauthenticated or remote code execution without some level of network connectivity to the target service."}}}}, "created": "2026-04-16T18:15:43.297802+00:00", "updated": "2026-04-16T18:15:43.297814+00:00", "vendors": []}