CVE-2026-47643: Azure Stack Edge Remote Code Execution Vulnerability

Overview

Severity

Critical (CVSS 9.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2026-Jun

Released

2026-06-09

Description

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

FAQ

How could an attacker exploit this vulnerability? An attacker could send a specially crafted file upload request that includes a manipulated file name or path. Because the application does not properly restrict or validate this input, the attacker could cause the file to be written outside the intended folder, potentially overwriting or creating files in other locations on the system.

Affected Products (1)

Azure

• Azure Stack Edge

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://www.linkedin.com/in/hay-mizrachi/">Hay Mizrachi</a> with <a href="https://microsoft.com/">Microsoft</a>

Revision History

• 2026-06-09: Information published.