Skip to content
Threat Feed
critical advisory

CVE-2026-41104 - Microsoft Planetary Computer Pro Deserialization Vulnerability

CVE-2026-41104 is a critical vulnerability in Microsoft Planetary Computer Pro that allows an unauthorized attacker to disclose information over a network by deserializing untrusted data.

CVE-2026-41104 is a critical vulnerability affecting Microsoft Planetary Computer Pro. This deserialization of untrusted data vulnerability allows an unauthorized attacker to disclose sensitive information over a network. The vulnerability stems from improper handling of serialized data, leading to potential information leakage. Successful exploitation can lead to unauthorized access to sensitive data, impacting the confidentiality of the Planetary Computer Pro environment. Defenders need to patch systems running Microsoft Planetary Computer Pro immediately and monitor for signs of exploitation attempts.

Attack Chain

  1. Attacker crafts a malicious serialized data payload.
  2. The attacker sends the crafted payload to the vulnerable Microsoft Planetary Computer Pro instance over the network.
  3. Planetary Computer Pro processes the data without proper validation, triggering the deserialization vulnerability (CWE-502).
  4. The malicious payload is deserialized, leading to the execution of unintended code or data access.
  5. The attacker gains unauthorized access to sensitive information stored within the Planetary Computer Pro environment.
  6. The attacker retrieves the disclosed information over the network.

Impact

Successful exploitation of CVE-2026-41104 allows an unauthorized attacker to disclose information over a network. Given the critical severity rating (CVSS 10.0), the potential impact is significant, including unauthorized data access and potential compromise of sensitive information. The vulnerability affects Microsoft Planetary Computer Pro, potentially impacting organizations that rely on this service for planetary data analysis and processing.

Recommendation

  • Apply the security update provided by Microsoft to patch CVE-2026-41104 in Microsoft Planetary Computer Pro as soon as possible.
  • Monitor network traffic for suspicious patterns indicative of deserialization attacks targeting Microsoft Planetary Computer Pro.
  • Implement network segmentation and access controls to limit the potential impact of a successful exploit.
  • Deploy the Sigma rule Detect CVE-2026-41104 Deserialization Attempt to identify potential exploitation attempts in network traffic.

Detection coverage 2

Detect CVE-2026-41104 Deserialization Attempt

high

Detects potential exploitation of CVE-2026-41104 by identifying suspicious network traffic indicative of deserialization attacks targeting Microsoft Planetary Computer Pro.

sigma tactics: initial_access techniques: T1190 sources: network_connection, windows

Detect CVE-2026-41104 - Suspicious HTTP Request to Microsoft Planetary Computer Pro

high

Detects CVE-2026-41104 exploitation - identifies suspicious HTTP requests targeting Microsoft Planetary Computer Pro with potentially malicious serialized data in the request body.

sigma tactics: initial_access techniques: T1190 sources: webserver

Detection queries are available on the platform. Get full rules →