Heap-based Buffer Overflow in Azure Linux Virtual Machines from Microsoft
CVE-2026-23665

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Linux Virtual Machines With Azure Diagnostics Extension
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-23665?

A heap-based buffer overflow vulnerability has been identified in Azure Linux Virtual Machines that allows an authorized attacker to elevate privileges locally. This flaw could potentially grant unauthorized access to sensitive components of the system, compromising its integrity and security. Users are advised to review the official advisory for patching and mitigation strategies.

Affected Version(s)

Azure Linux Virtual Machines with Azure Diagnostics extension 1.0.0 < 2.1.24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Jan 14, 2026

CVE-2026-23665 Data

JSON