CVE-2026-41104 CRITICAL

CVE-2026-41104: Microsoft Planetary Computer Pro Information Disclosure Vulnerability

Vendor Microsoft

Product Microsoft Planetary Computer Pro (GeoCatalog)

Weakness CWE-502 · Unsafe deserialization

Published May 22, 2026

Last update June 9, 2026

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

Key dates

May 22, 2026 CVE published

June 9, 2026 Record updated

External resources

Related vulnerabilities

CVE CVE-2026-41104

CWE CWE-502

CVSS 10.0 / CRITICAL

Vendor Microsoft

Product Microsoft Planetary Computer Pro (GeoCatalog)

Affected -