Privilege Escalation Vulnerability in Azure Entra ID by Microsoft
CVE-2026-26148

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Azure Ad Ssh Login Extension For Linux
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-26148?

A configuration issue within Azure Entra ID permits unauthorized access by allowing attackers to externally initialize trusted variables or data stores. This flaw could potentially lead to local privilege escalation, enabling unauthorized users to gain elevated access and control over the affected system. Microsoft is actively working to mitigate this vulnerability and advises users to apply available patches as they become available.

Affected Version(s)

Microsoft Azure AD SSH Login extension for Linux 1.0.0 < 1.0.033370002

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 11, 2026

CVE-2026-26148 Data

JSON