CVE-2026-21529

CWE-79 — Cross-site Scripting (XSS)CWE-502 — Deserialization of Untrusted Data5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 87.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Hdinsight

Timeline

PublishedFeb 10

Latest updateApr 13

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microsoft/azure_hdinsight1.0 — 5.1

▶NVDmicrosoft/azure_hdinsight< 5.1

🔴Vulnerability Details

GHSA

GHSA-8754-7pfj-x7mr: Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoo↗2026-02-10

▶

CVEList

Azure HDInsight Spoofing Vulnerability↗2026-02-10

▶

📋Vendor Advisories

CISA

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability↗2026-04-13

▶

Microsoft

Azure HDInsight Spoofing Vulnerability↗2026-02-10

▶