Cyber Resilience

CVE-2026-26148

High

Published: 10 March 2026

Modified: 13 March 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0036 (27.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-26148 is a high-severity External Initialization of Trusted Variables or Data Stores (CWE-454) vulnerability in Microsoft Azure AD SSH Login Extension for Linux. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 27.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-26148, published on 2026-03-10, is a vulnerability involving external initialization of trusted variables or data stores in Azure Entra ID. This flaw, classified under CWE-454 (External Initialization of Trusted Variables or Data Stores) and NVD-CWE-noinfo, carries a CVSS v3.1 base score of 8.1 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts with a changed scope.

An unauthorized attacker with local access (AV:L) can exploit this vulnerability without holding any privileges (PR:N). The attack is high complexity (AC:H) and requires no user interaction (UI:N). Successful exploitation enables local privilege escalation, with high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H) and a changed scope (S:C).

For mitigation details, refer to the official advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148.

Vulnerability details

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables local privilege escalation through exploitation, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20853 · Same vendor: Microsoft
CVE-2026-20877 · Same vendor: Microsoft
CVE-2026-20860 · Same vendor: Microsoft
CVE-2026-24294 · Same vendor: Microsoft
CVE-2025-21418 · Same vendor: Microsoft
CVE-2026-24290 · Same vendor: Microsoft
CVE-2026-40417 · Same vendor: Microsoft
CVE-2026-21235 · Same vendor: Microsoft
CVE-2026-20871 · Same vendor: Microsoft
CVE-2025-24048 · Same vendor: Microsoft

Affected Assets

Vendor: microsoft
Product: azure ad ssh login extension for linux
Versions: 1.0.0 to 1.0.033370002

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly mitigates CWE-454 by requiring validation of external information inputs before they are trusted as variables or data stores in Azure Entra ID.

Prevent: Implements a reference monitor mechanism to mediate and enforce access to trusted variables or data stores, preventing unauthorized external initialization and local privilege escalation.

Prevent: Enforces least privilege to restrict the privileges available for escalation even if external initialization of trusted variables succeeds.
