Remote Code Execution Vulnerability in Azure Core Shared Client Library for Python
CVE-2026-21226

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Azure Core Shared Client Library For Python
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-21226?

A vulnerability exists in the Azure Core shared client library for Python, which allows an authorized attacker to potentially execute arbitrary code over a network through the deserialization of untrusted data. This could lead to unauthorized actions and compromises in security, necessitating immediate attention to apply relevant patches and safeguard against such exploits.

Affected Version(s)

Azure Core shared client library for Python 1.1.0 < 1.38.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 11, 2025

JSON

Microsoft

What is CVE-2026-21226?

Affected Version(s)

References

CVSS V3.1

Timeline