Search criteria Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

2 vulnerabilities found for Azure Core shared client library for Python by Microsoft

CVE-2026-21226 (GCVE-0-2026-21226)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:04 – Updated: 2026-02-22 17:01
VLAI?
Title
Azure Core shared client library for Python Remote Code Execution Vulnerability
Summary
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Microsoft Azure Core shared client library for Python Affected: 1.1.0 , < 1.38.0 (custom)
Create a notification for this product.
Date Public ?
2026-01-13 16:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21226",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:28:13.612748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:28:47.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Core shared client library for Python",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_core_shared_client_library_for_python:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.38.0",
                  "versionStartIncluding": "1.1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-22T17:01:45.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Core shared client library for Python Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226"
        }
      ],
      "title": "Azure Core shared client library for Python Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21226",
    "datePublished": "2026-01-13T18:04:55.084Z",
    "dateReserved": "2025-12-11T21:02:05.732Z",
    "dateUpdated": "2026-02-22T17:01:45.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21226 (GCVE-0-2026-21226)

Vulnerability from nvd – Published: 2026-01-13 18:04 – Updated: 2026-02-22 17:01
VLAI?
Title
Azure Core shared client library for Python Remote Code Execution Vulnerability
Summary
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Microsoft Azure Core shared client library for Python Affected: 1.1.0 , < 1.38.0 (custom)
Create a notification for this product.
Date Public ?
2026-01-13 16:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21226",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:28:13.612748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:28:47.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Core shared client library for Python",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_core_shared_client_library_for_python:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.38.0",
                  "versionStartIncluding": "1.1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-22T17:01:45.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Core shared client library for Python Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226"
        }
      ],
      "title": "Azure Core shared client library for Python Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21226",
    "datePublished": "2026-01-13T18:04:55.084Z",
    "dateReserved": "2025-12-11T21:02:05.732Z",
    "dateUpdated": "2026-02-22T17:01:45.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}