Vulnerabilities CVE-2026-21226 Detail Description Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. Metrics NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed. CVSS 4.0 Severity and Vector Strings: NIST: NVD N/A NVD assessment not yet provided. CVSS 3.x Severity and Vector Strings: CNA: Microsoft Corporation Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS 2.0 Severity and Vector Strings: NIST: NVD Base Score: N/A NVD assessment not yet provided. References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected] . URL Source(s) Tag(s) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226 Microsoft Corporation Vendor Advisory Weakness Enumeration CWE-ID CWE Name Source CWE-502 Deserialization of Untrusted Data Microsoft Corporation Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Change History 3 change records found show changes Reanalysis by NIST 2/05/2026 12:58:29 PM Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:microsoft:azure_sdk_for_python:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (including) 1.38.0 OR *cpe:2.3:a:microsoft:azure_core_shared_client_library:*:*:*:*:*:python:*:* versions from (including) 1.1.0 up to (excluding) 1.38.0 Initial Analysis by NIST 1/20/2026 1:23:54 PM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:microsoft:azure_sdk_for_python:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (including) 1.38.0 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226 Types: Vendor Advisory New CVE Received from Microsoft Corporation 1/13/2026 2:16:23 PM Action Type Old Value New Value Added Description Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. Added CVSS V3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-502 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226 Quick Info CVE Dictionary Entry: CVE-2026-21226 NVD Published Date: 01/13/2026 NVD Last Modified: 02/05/2026 Source: Microsoft Corporation