What is the CVSS score of CVE-2026-26147?

CVE-2026-26147 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Azure Compute Gallery are affected by CVE-2026-26147?

Microsoft Azure Compute Gallery contains an information disclosure vulnerability (CVE-2026-26147) that could allow authenticated users to access sensitive data across tenant and resource boundaries.. A patch is available.

Azure Compute Gallery CVE-2026-26147

EUVD-2026-31516 HIGH

Improper Input Validation (CWE-20)

2026-05-22 microsoft

GHSA-jp7v-xgrx-wqjf

Information Disclosure Microsoft

7.7

CVSS 3.1

Temporal: 6.7

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

May 22, 2026 - 22:48 vuln.today

DescriptionNVD

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

AnalysisAI

Information disclosure in Microsoft Azure Compute Gallery permits an authenticated remote attacker to read sensitive data across tenant or resource boundaries due to improper input validation (CWE-20). The scope-changed CVSS 7.7 rating reflects cross-boundary impact, but the exploit maturity is currently unproven (E:U) and no public exploit identified at time of analysis. …

RemediationAI

Within 24 hours: Inventory all Azure Compute Gallery instances and assess patch applicability. Within 7 days: Apply Microsoft's official security update released via MSRC to all affected deployments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-26147 vulnerability details – vuln.today

Back

Azure Compute Gallery CVE-2026-26147

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code