Aci Confidential Containers
CVE-2026-23651
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
AnalysisAI
Privilege escalation in Azure Compute Gallery's regex validation enables high-privileged local users to gain unauthorized system access on affected Microsoft and ACI Confidential Containers systems. An authenticated attacker with elevated permissions can exploit the permissive pattern matching to bypass security controls and achieve full system compromise. No patch is currently available, making this a medium-severity risk for environments running vulnerable versions.
Technical ContextAI
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
RemediationAI
Monitor vendor advisories for a patch.
More in Aci Confidential Containers
View all'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
Unauthorized information disclosure in Azure Compute Gallery occurs due to insecure default initialization settings that
Same weakness CWE-625 – Permissive Regular Expression
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today