{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-26147/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-26147"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Azure Compute Gallery"],"_cs_severities":["medium"],"_cs_tags":["cve-2026-26147","information-disclosure","cloud"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-26147 describes an information disclosure vulnerability affecting the Azure Compute Gallery. The vulnerability stems from improper input validation within the service, potentially allowing an authorized attacker to gain unauthorized access to sensitive information over a network. While the specific details of the input validation flaw are not described in the source, the vulnerability is classified as HIGH severity with a CVSS score of 7.7. 
This vulnerability matters because it can lead to unauthorized disclosure of sensitive data stored within Azure Compute Gallery.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Azure environment with valid credentials, gaining access to the Azure Compute Gallery.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the Azure Compute Gallery API endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request exploits the improper input validation flaw by including specially crafted input.\u003c/li\u003e\n\u003cli\u003eThe Azure Compute Gallery processes the malicious request without proper validation.\u003c/li\u003e\n\u003cli\u003eDue to the lack of input sanitization, the system leaks sensitive information.\u003c/li\u003e\n\u003cli\u003eThe sensitive information is disclosed to the attacker over the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-26147 allows an authorized attacker to disclose sensitive information stored in the Azure Compute Gallery. The impact of this vulnerability is limited to information disclosure and does not allow for code execution, modification of data, or denial of service. 
The number of victims and the extent of the damage depend on the sensitivity of the data stored within the Azure Compute Gallery and the scope of the attacker\u0026rsquo;s access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch provided by Microsoft to remediate CVE-2026-26147 on Azure Compute Gallery as soon as possible (\u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26147\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26147\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor Azure Compute Gallery logs for suspicious API requests containing unusual characters or patterns that may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement and enforce strict input validation on all user-provided input to prevent similar vulnerabilities in the future.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:32:50Z","date_published":"2026-05-26T13:32:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-azure-compute-gallery-info-disc/","summary":"CVE-2026-26147 is an improper input validation vulnerability in Azure Compute Gallery that allows an authorized attacker to disclose information over a network.","title":"CVE-2026-26147: Azure Compute Gallery Information Disclosure via Improper Input Validation","url":"https://feed.craftedsignal.io/briefs/2026-05-azure-compute-gallery-info-disc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-26147","version":"https://jsonfeed.org/version/1.1"}