{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26148", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T16:24:51.135Z", "datePublished": "2026-03-10T17:05:14.582Z", "dateUpdated": "2026-04-14T16:36:22.633Z"}, "containers": {"cna": {"title": "Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_ad_ssh_login_extension_for_linux:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.033370002"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Azure AD SSH Login extension for Linux", "versions": [{"version": "1.0.0", "lessThan": "1.0.033370002", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-454: External Initialization of Trusted Variables or Data Stores", "lang": "en-US", "type": "CWE", "cweId": "CWE-454"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:22.633Z"}, "references": [{"name": "Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T18:00:53.165002Z", "id": "CVE-2026-26148", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:00:59.920Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26148", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T18:00:53.165002Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:00:55.416Z"}}], "cna": {"title": "Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Azure AD SSH Login extension for Linux", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.033370002", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148", "name": "Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-454", "description": "CWE-454: External Initialization of Trusted Variables or Data Stores"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_ad_ssh_login_extension_for_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.0.033370002", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:22.633Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26148", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:22.633Z", "dateReserved": "2026-02-11T16:24:51.135Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:14.582Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_ad_ssh_login_extension_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "75EBD042-DA8D-4CEE-8EF6-B345AC60EBDF", "versionEndExcluding": "1.0.033370002", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally."}, {"lang": "es", "value": "Inicializaci\u00f3n externa de variables de confianza o almacenes de datos en Azure Entra ID permite a un atacante no autorizado elevar privilegios localmente."}], "id": "CVE-2026-26148", "lastModified": "2026-03-13T17:03:19.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 6.0, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:43.270", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-454"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0,1.0.033370002)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Azure AD SSH Login extension for Linux", "source": "cna", "vendor": "Microsoft"}, "product": "azure_ad_ssh_login_extension_for_linux", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-16T23:17:28.370879+00:00", "value": {"mitigation_remediation": ["Update the Microsoft Azure AD SSH Login extension for Linux to the latest version that removes the external initialization of trusted variables."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected vendors and products include Microsoft Azure AD SSH Login extension for Linux. No specific affected version ranges are supplied in the CNA data, so any installation of the extension that relies on Azure Entra ID for trusted variable initialization is potentially impacted until a vendor\u2011provided update is applied.", "description_and_impact": "The vulnerability arises from external initialization of trusted variables or data stores within Azure Entra ID, providing an unauthorized attacker the ability to elevate privileges locally on systems running the Azure AD SSH Login extension for Linux. The weakness is classified as CWE-454, which involves improper handling of privileged data. This flaw could allow a local attacker to gain higher level permissions than intended, potentially compromising sensitive system data or performing unauthorized operations. The CVSS score is 8.1, indicating a severe impact on confidentiality, integrity, and availability within the scope of the affected system.", "risk_and_exploitability": "The EPSS score is below 1%, and the vulnerability does not appear in CISA\u2019s KEV catalog. The attack vector is inferred to be local, requiring the attacker to have some level of access to the target machine to exploit the initialization flaw. The high CVSS score indicates that, when exploded, the vulnerability could lead to significant privilege escalation. However, the low EPSS suggests that, in practice, exploitation may be uncommon. The deficiency is a local one; therefore, mitigations that prevent unauthorized local manipulation of the extension\u2019s configuration can reduce risk."}}}}, "created": "2026-03-11T11:45:30.302612+00:00", "updated": "2026-03-20T14:34:11.628087+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_ad_ssh_login_extension_for_linux"]}