CVE-2026-26122
Information Disclosure in Microsoft ACI Confidential Containers
Publication date: 2026-03-05
Last updated on: 2026-03-16
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | aci_confidential_containers | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue in Microsoft ACI Confidential Containers. It allows an attacker with low privileges and network access to potentially gain access to sensitive information without user interaction.
How can this vulnerability impact me? :
The impact of this vulnerability is the unauthorized disclosure of confidential information. Although it does not affect integrity or availability, the exposure of sensitive data could lead to privacy breaches or further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Information disclosure vulnerabilities can negatively impact compliance with data protection regulations such as GDPR and HIPAA, as they may lead to unauthorized access to personal or sensitive data, potentially resulting in regulatory violations and penalties.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know