VDB

GCVE-110-NCSC-2026-82

GCVE-110-NCSC-2026-82
Advisory PublishedCVSS 6.7/10
Vulnetix · Advisory published March 10, 2026
An insecure default initialization vulnerability in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Weaknesses (CWE)

CWE-287Improper AuthenticationCWE-625Permissive Regular ExpressionCWE-284Improper Access ControlCWE-319Cleartext Transmission of Sensitive InformationCWE-306Missing Authentication for Critical FunctionCWE-923Improper Restriction of Communication Channel to Intended EndpointsCWE-122Heap-based Buffer OverflowCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-918Server-Side Request Forgery (SSRF)CWE-20Improper Input ValidationCWE-1188Initialization of a Resource with an Insecure DefaultCWE-35Path Traversal: '.../...//'CWE-454External Initialization of Trusted Variables or Data Stores

Risk Scores

CVSS 3.1
6.7/10
Medium · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›