CVE-2026-23651

Received Received - Intake

Permissive Regex in Azure Compute Gallery Enables Local Privilege Escalation

Publication date: 2026-03-05

Last updated on: 2026-03-16

Assigner: Microsoft Corporation

Description

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-05

Last Modified

2026-03-16

Generated

2026-06-16

AI Q&A

2026-03-06

EPSS Evaluated

2026-06-15

NVD

CVE-2026-23651

EUVD

EUVD-2026-9886

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	aci_confidential_containers	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-625	The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Attack-Flow Graph

Executive Summary

This vulnerability involves a permissive regular expression in Azure Compute Gallery that allows an authorized attacker to elevate their privileges locally.

Impact Analysis

An attacker who is already authorized can exploit this vulnerability to gain higher privileges on the local system, potentially leading to full control over affected resources.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-23651. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-23651

Permissive Regex in Azure Compute Gallery Enables Local Privilege Escalation

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart