VDB
GCVE-110-NCSC-2026-82
GCVE-110-NCSC-2026-82
Advisory PublishedCVSS 6.7/10
An insecure default initialization vulnerability in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
Weaknesses (CWE)
CWE-287Improper AuthenticationCWE-625Permissive Regular ExpressionCWE-284Improper Access ControlCWE-319Cleartext Transmission of Sensitive InformationCWE-306Missing Authentication for Critical FunctionCWE-923Improper Restriction of Communication Channel to Intended EndpointsCWE-122Heap-based Buffer OverflowCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-918Server-Side Request Forgery (SSRF)CWE-20Improper Input ValidationCWE-1188Initialization of a Resource with an Insecure DefaultCWE-35Path Traversal: '.../...//'CWE-454External Initialization of Trusted Variables or Data Stores
Risk Scores
CVSS 3.1
6.7/10
Medium · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Microsoft | vers:unknown/* | — | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.