Vulnerability Details CVE-2026-21522
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.5%
CVSS Severity
CVSS v3 Score 6.7
Products affected by CVE-2026-21522
-
cpe:2.3:a:microsoft:confcom:0.2.10
-
cpe:2.3:a:microsoft:confcom:0.2.11
-
cpe:2.3:a:microsoft:confcom:0.2.12
-
cpe:2.3:a:microsoft:confcom:0.2.13
-
cpe:2.3:a:microsoft:confcom:0.2.15
-
cpe:2.3:a:microsoft:confcom:0.2.16
-
cpe:2.3:a:microsoft:confcom:0.2.17
-
cpe:2.3:a:microsoft:confcom:0.2.18
-
cpe:2.3:a:microsoft:confcom:0.3.0
-
cpe:2.3:a:microsoft:confcom:0.3.1
-
cpe:2.3:a:microsoft:confcom:0.3.2
-
cpe:2.3:a:microsoft:confcom:0.3.3
-
cpe:2.3:a:microsoft:confcom:0.3.4
-
cpe:2.3:a:microsoft:confcom:0.3.5
-
cpe:2.3:a:microsoft:confcom:0.3.6
-
cpe:2.3:a:microsoft:confcom:1.0.0
-
cpe:2.3:a:microsoft:confcom:1.0.1
-
cpe:2.3:a:microsoft:confcom:1.1.0
-
cpe:2.3:a:microsoft:confcom:1.1.1
-
cpe:2.3:a:microsoft:confcom:1.2.0
-
cpe:2.3:a:microsoft:confcom:1.2.1
-
cpe:2.3:a:microsoft:confcom:1.2.2
-
cpe:2.3:a:microsoft:confcom:1.2.3
-
cpe:2.3:a:microsoft:confcom:1.2.4
-
cpe:2.3:a:microsoft:confcom:1.2.5
-
cpe:2.3:a:microsoft:confcom:1.2.6
-
cpe:2.3:a:microsoft:confcom:1.2.7