{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21529", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-30T18:10:54.847Z", "datePublished": "2026-02-10T17:51:33.525Z", "dateUpdated": "2026-05-11T21:25:34.434Z"}, "containers": {"cna": {"title": "Azure HDInsight Spoofing Vulnerability", "datePublic": "2026-02-10T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_hdinsights:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "5.1"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure HDInsight", "versions": [{"version": "1.0", "lessThan": "5.1", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en-US", "type": "CWE", "cweId": "CWE-79"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T21:25:34.434Z"}, "references": [{"name": "Azure HDInsight Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21529"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:36:54.717376Z", "id": "CVE-2026-21529", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:38:49.338Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:36:54.717376Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:38:43.245Z"}}], "cna": {"title": "Azure HDInsight Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure HDInsight", "versions": [{"status": "affected", "version": "1.0", "lessThan": "5.1", "versionType": "custom"}]}], "datePublic": "2026-02-10T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21529", "name": "Azure HDInsight Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_hdinsights:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.1", "versionStartIncluding": "1.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T18:10:13.474Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21529", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:10:13.474Z", "dateReserved": "2025-12-30T18:10:54.847Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-02-10T17:51:33.525Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_hdinsight:*:*:*:*:*:*:*:*", "matchCriteriaId": "A326E32A-E560-49C8-9F8C-B41DF7D19AA6", "versionEndExcluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network."}], "id": "CVE-2026-21529", "lastModified": "2026-02-11T18:52:36.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-10T18:16:35.433", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21529"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,5.1)"}}], "product": "azure_hdinsights", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T16:27:48.469301+00:00", "value": {"mitigation_remediation": ["Apply any Microsoft Azure HDInsight patch or update that addresses CVE\u20112026\u201121529 as soon as it becomes available.", "Implement strict output encoding and input sanitization for all user\u2011supplied data rendered on HDInsight web pages to mitigate XSS.", "Restrict HDInsight configuration and web page modification privileges to trusted administrators only, ensuring that only authorized users can inject content.", "Deploy a Web Application Firewall with XSS filtering rules to block malicious script payloads at the network perimeter."], "summary": {"action": "Patch immediately", "impact": "Cross-site scripting with spoofing capability"}, "threat_synthesis": {"affected_systems": "Microsoft Azure HDInsight service is affected. The CVE does not specify particular product versions or build numbers, so any deployed Azure HDInsight cluster that has not been updated after the release of the relevant Microsoft patch may be vulnerable.", "description_and_impact": "An authorized user can supply malicious input that is not properly neutralized during web page generation in Azure HDInsight, resulting in cross\u2011site scripting. The attacker can exploit this flaw to inject scripts that masquerade as legitimate content, enabling spoofing of the HDInsight web interface and potentially misleading both users and administrators. The primary vulnerability is a classic XSS flaw (CWE\u201179), which can lead to execution of arbitrary code in the victim\u2019s browser and may facilitate further attacks such as session hijacking or phishing within the HDInsight environment.", "risk_and_exploitability": "The CVSS score of 5.7 indicates a moderate severity, and the EPSS value of less than 1% reflects a very low probability of exploitation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Exploitation requires authorized credentials and the ability to submit user\u2011controlled input to the HDInsight web application; with such access, an attacker can craft malicious scripts and induce spoofed content to be rendered in the browser. Overall risk is moderate with a low likelihood of widespread attacks pending an active exploit."}}}}, "created": "2026-02-10T21:33:44.446388+00:00", "updated": "2026-04-15T17:45:10.812543+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_hdinsights"]}