CVE-2026-23651 MEDIUM

CVE-2026-23651: Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Vendor Microsoft
Product Microsoft ACI Confidential Containers
Weakness CWE-625
Published March 5, 2026
Last update April 14, 2026

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Key dates

02Disclosure timeline

March 5, 2026 CVE published
April 14, 2026 Record updated