Remote Code Execution Vulnerability in Azure Virtual Network Gateway by Microsoft
CVE-2026-40411

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Virtual Network Gateway
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-40411?

A remote code execution vulnerability exists in Azure Virtual Network Gateway due to improper input validation. An attacker with authorized access can exploit this flaw to execute arbitrary code over the network, potentially compromising sensitive data and network operations. Organizations using this product should take immediate action to apply relevant patches to mitigate risks.

Affected Version(s)

Azure Virtual Network Gateway -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-40411 Data

JSON