CVE-2026-21228

High

Published: 10 February 2026

Published

10 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0009 25.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21228 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Microsoft Azure Local. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-17 Public Key Infrastructure Certificates good match

prevent

SC-17 requires verification of PKI certificate validity using defined processes, directly addressing the improper certificate validation in CVE-2026-21228 that enables network-based code execution.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates identification, reporting, and correction of system flaws, including timely patching of the Azure Local certificate validation vulnerability as detailed in the MSRC update guide.

SC-13 Cryptographic Protection partial match

prevent

SC-13 requires implementation of cryptographic protections with proper management of keys and certificates, mitigating risks from flawed certificate validation during network communications.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Improper certificate validation enables unauthenticated remote code execution on a network-accessible Azure Local service, directly mapping to exploitation of public-facing applications for initial access and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

Deeper analysisAI

CVE-2026-21228 is an improper certificate validation vulnerability (CWE-295) affecting Azure Local. Published on 2026-02-10, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

An unauthorized attacker can exploit this vulnerability over a network with no required privileges or user interaction, though it demands high attack complexity. Successful exploitation allows the attacker to execute arbitrary code on the affected system.

The Microsoft Security Response Center provides an update guide with details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21228.

Details

CWE(s): CWE-295

Affected Products

microsoft

azure local

≤ 2510.0.3002

CVEs Like This One

CVE-2026-20947Same vendor: Microsoft

CVE-2026-20856Same vendor: Microsoft

CVE-2025-21385Same vendor: Microsoft

CVE-2025-62549Same vendor: Microsoft

CVE-2025-59287Same vendor: Microsoft

CVE-2025-53766Same vendor: Microsoft

CVE-2026-21532Same vendor: Microsoft

CVE-2025-59228Same vendor: Microsoft

CVE-2025-21355Same vendor: Microsoft

CVE-2025-50177Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21228
Vendor Advisory · secure@microsoft.com