CVE-2026-23651: Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 6.7)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2026-Mar

Released

2026-03-05

Description

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Affected Products (1)

Azure

• Microsoft ACI Confidential Containers

Acknowledgments

<a href="https://x.com/yuvalavra">Yuval Avrahami</a>

Revision History

• 2026-03-05: Information published.