{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/planetary-computer-pro/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":10,"id":"CVE-2026-41104"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Planetary Computer Pro"],"_cs_severities":["critical"],"_cs_tags":["cve","deserialization","information disclosure"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41104 is a critical vulnerability affecting Microsoft Planetary Computer Pro. This deserialization of untrusted data vulnerability allows an unauthorized attacker to disclose sensitive information over a network. The vulnerability stems from improper handling of serialized data, leading to potential information leakage. Successful exploitation can lead to unauthorized access to sensitive data, impacting the confidentiality of the Planetary Computer Pro environment. Defenders need to patch systems running Microsoft Planetary Computer Pro immediately and monitor for signs of exploitation attempts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious serialized data payload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted payload to the vulnerable Microsoft Planetary Computer Pro instance over the network.\u003c/li\u003e\n\u003cli\u003ePlanetary Computer Pro processes the data without proper validation, triggering the deserialization vulnerability (CWE-502).\u003c/li\u003e\n\u003cli\u003eThe malicious payload is deserialized, leading to the execution of unintended code or data access.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information stored within the Planetary Computer Pro environment.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the disclosed information over the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41104 allows an unauthorized attacker to disclose information over a network. Given the critical severity rating (CVSS 10.0), the potential impact is significant, including unauthorized data access and potential compromise of sensitive information. The vulnerability affects Microsoft Planetary Computer Pro, potentially impacting organizations that rely on this service for planetary data analysis and processing.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-41104 in Microsoft Planetary Computer Pro as soon as possible.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious patterns indicative of deserialization attacks targeting Microsoft Planetary Computer Pro.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and access controls to limit the potential impact of a successful exploit.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2026-41104 Deserialization Attempt\u003c/code\u003e to identify potential exploitation attempts in network traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:54:37Z","date_published":"2026-05-26T13:54:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41104/","summary":"CVE-2026-41104 is a critical vulnerability in Microsoft Planetary Computer Pro that allows an unauthorized attacker to disclose information over a network by deserializing untrusted data.","title":"CVE-2026-41104 - Microsoft Planetary Computer Pro Deserialization Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41104/"}],"language":"en","title":"CraftedSignal Threat Feed — Planetary Computer Pro","version":"https://jsonfeed.org/version/1.1"}