Azure
CVE-2026-21528
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Azure IoT Explorer binds to unrestricted IP addresses, enabling unauthenticated remote attackers to intercept and disclose sensitive information over the network. This vulnerability affects Azure IoT deployments where the Explorer tool is exposed without proper network segmentation. No patch is currently available, making network isolation the primary mitigation strategy.
Technical ContextAI
Affects Azure Iot Explorer. Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package dire
Default password in Himmelblau Azure Entra ID suite 3.0.0-3.0.x. CVSS 10.0.
Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.
Azure Resource Manager has a CVSS 9.9 access control vulnerability allowing authorized users to escalate privileges acro
Deserialization of untrusted data in Azure SDK allows unauthorized code execution over a network. EPSS 0.32%.
Elevation of privilege vulnerability in Azure Front Door allows attackers to gain elevated access. Microsoft Azure cloud
Azure Front Door has an improper access control vulnerability (CVSS 9.8) allowing unauthorized attackers to elevate priv
Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.
Fleet device management software has a signature verification bypass that allows attackers to install malicious firmware
Azure Entra ID (formerly Azure AD) has an elevation of privilege vulnerability allowing attackers to escalate permission
Privilege escalation in Azure Logic Apps results from improper path validation, enabling remote attackers to gain elevat
Azure Function Information Disclosure Vulnerability [CVSS 8.2 HIGH]
Same weakness CWE-1327 – Binding to an Unrestricted IP Address
View allShare
External POC / Exploit Code
Leaving vuln.today