CVE-2026-21226

CVSS v3.1

7.5

High

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Azure Core shared client library for Python (affected versions not specified)

Description The deserialization of untrusted data in the Azure Core shared client library for Python allows an authorized attacker to execute code over a network. This flaw enables an attacker with network access to potentially achieve remote code execution (RCE).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2026-00805

CVE-2026-21226

GHSA-JM66-CG57-JJV5

OPENSUSE-SU-2026:10161-1

OPENSUSE-SU-2026:20292-1

SUSE-SU-2026:0476-1

SUSE-SU-2026:20617-1

SUSE-SU-2026:20621-1

Affected Products

Azure Core

CVE-2026-21226

Weakness Enumeration

Related Identifiers

Affected Products

References · 25