Cross-Site Scripting Vulnerability in Azure HDInsights by Microsoft
CVE-2026-21529

5.7MEDIUM

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
10 February 2026

What is CVE-2026-21529?

An issue in Azure HDInsights has been identified where improper neutralization of input during the web page generation can lead to cross-site scripting. This vulnerability may allow an authorized attacker to manipulate or spoof content served through the web application, thereby compromising user trust and security over a network. It is crucial for users and administrators to be aware of this risk and apply necessary updates as outlined in the vendor's advisory.

Affected Version(s)

Azure HDInsight 1.0 < 5.1

References

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.