{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21228", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-11T21:02:05.733Z", "datePublished": "2026-02-10T17:51:48.818Z", "dateUpdated": "2026-05-11T21:25:49.316Z"}, "containers": {"cna": {"title": "Azure Local Remote Code Execution Vulnerability", "datePublic": "2026-02-10T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_local:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "2510.0.3002"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Local", "versions": [{"version": "1.0.0", "lessThan": "2510.0.3002", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-295: Improper Certificate Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-295"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T21:25:49.316Z"}, "references": [{"name": "Azure Local Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21228"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:08.120759Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:38.487Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:08.120759Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:42:36.364Z"}}], "cna": {"title": "Azure Local Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Local", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "2510.0.3002", "versionType": "custom"}]}], "datePublic": "2026-02-10T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21228", "name": "Azure Local Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_local:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2510.0.3002", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T18:10:31.931Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21228", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:10:31.931Z", "dateReserved": "2025-12-11T21:02:05.733Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-02-10T17:51:48.818Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_local:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3258428-DD98-4F13-8231-5FCE7D463895", "versionEndExcluding": "2510.0.3002", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network."}, {"lang": "es", "value": "La validaci\u00f3n de certificado incorrecta en Azure Local permite a un atacante no autorizado ejecutar c\u00f3digo a trav\u00e9s de una red."}], "id": "CVE-2026-21228", "lastModified": "2026-02-25T14:20:49.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:23.297", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21228"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0,2510.0.3002)"}}], "product": "azure_local", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T16:18:27.452593+00:00", "value": {"mitigation_remediation": ["Deploy the latest Azure Local security update that corrects certificate validation.", "Configure Azure Local to enforce strict certificate validation and reject any non\u2011trusted certificates.", "Limit network exposure of Azure Local to trusted subnets, and monitor for anomalous TLS traffic."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vendor and product impacted are Microsoft Azure Local. No specific version information is listed in the available data, so all deployments of Azure Local that may not have applied the latest security updates are potentially vulnerable.", "description_and_impact": "Improper certificate validation in Azure Local enables an unauthorized attacker to execute arbitrary code over the network. This flaw permits remote code execution by accepting invalid or forged certificates, thereby compromising confidentiality, integrity, and availability of the affected service.", "risk_and_exploitability": "The CVSS score of 8.1 reflects high severity, yet the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not yet listed in the CISA KEV catalog. Attackers would need network access to the Azure Local service and could exploit the weakness by presenting a malformed or self\u2011signed certificate during TLS negotiation. Because the fault lies in certificate validation, the exposure is generally limited to systems that rely on Azure Local for network communication, but the impact of successful exploitation would be full remote code execution."}}}}, "created": "2026-02-10T21:33:41.442901+00:00", "updated": "2026-04-15T17:30:10.493268+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_local"]}