What is the CVSS score of CVE-2026-21226?

CVE-2026-21226 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.5%.

Which versions of Python are affected by CVE-2026-21226?

CVE-2026-21226 presents notable security risk, a insecure deserialization vulnerability rated CVSS 7.5.. A patch is available.

How to fix or mitigate CVE-2026-21226?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Restrict deserialization to trusted data sources and implement integrity checks.

Python CVE-2026-21226

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-01-13 secure@microsoft.com

GHSA-jm66-cg57-jjv5

Python Azure Deserialization Azure Core Shared Client Library Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SUSE

HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 13, 2026 - 19:16 nvd

HIGH 7.5

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

5 pypi packages depend on azure-core (5 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.38.0.

DescriptionCVE.org

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Azure Core Shared Client Library for Python results from insecure deserialization of untrusted data, allowing authenticated network-based attackers to achieve arbitrary code execution. The vulnerability affects Python applications utilizing the vulnerable library versions, with no patch currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Azure service

Exploit

Send malicious serialized object

Execution

Trigger unsafe deserialization in azure-core Python library

Impact

Execute arbitrary code with service privileges

Access

Authenticate to Azure service

Exploit

Send malicious serialized object

Execution

Trigger unsafe deserialization in azure-core Python library

Impact

Execute arbitrary code with service privileges

Vulnerability AssessmentAI

Exploitation	Attacker must possess valid Azure credentials (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49257 CRITICAL Act Now

10.0 Jun 18

Authentication bypass in StarTree mcp-pinot versions 3.0.1 and earlier exposes the Model Context Protocol HTTP server on

CVE-2026-10561 CRITICAL Act Now

10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-55255 CRITICAL Act Now

9.9 Jun 19

Cross-user flow execution in Langflow versions prior to 1.9.1 allows any authenticated API user to run another user's fl

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-38714 CRITICAL Act Now

9.8 Jun 18

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a co

Vendor StatusVendor

SUSE

Severity: High

Product	Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.31 Container suse/sl-micro/6.0/toolbox:13.2-9.1 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE	Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.4 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.31 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.36 Image SL-Micro	Affected
SUSE Linux Enterprise High Availability Extension 16.0	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5	Fixed

CVE-2026-21226 vulnerability details – vuln.today

Back

Python CVE-2026-21226

Severity by source

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code