CVE Catalog

CVE-2026-35428

Critical
Published: Translated: NVD NIST

Summary

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Risk Assessment

An attacker could exploit this vulnerability to spoof other devices on the network, potentially leading to serious security breaches.

Recommendation

It is recommended to update Azure Cloud Shell to the latest version and implement additional security measures to minimize the risk of command injection.

Original NVD description (English source)

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS