CVE-2026-26148

Summary

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Azure AD SSH Login extension for Linux1.0.0 < 1.0.033370002affected

Weaknesses

  • CWE-454: CWE-454: External Initialization of Trusted Variables or Data Stores

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References