CVE-2026-21531
published 2026-02-10
CVE-2026-21531: Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Priority P269 · critical · 9.8 · CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EPSS: 2.34% (81.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_ai_language_authoring | >= 1.0.0 < 1.0.0b4 | 1.0.0b4 |
| microsoft | azure_conversation_authoring_client_library | — | — |
| msrc | azure_ai_language_authoring | — | — |
Detection & IOCs
- Monitor for processing of externally-supplied continuation tokens by the Azure AI Language Conversations Authoring SDK, which may trigger unsafe deserialization and remote code execution.
- Flag use of azure-ai-language-conversations-authoring versions prior to 1.0.0b4 in software inventory, as these are vulnerable to unsafe deserialization of untrusted data.
- Exploitation requires the attacker to supply a maliciously crafted continuation token to the SDK; applications that accept continuation tokens from untrusted/external sources are at highest risk.
- Customer action is required — patching to the fixed release (1.0.0b4) is not automatic and must be performed by the SDK consumer.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 9.8 CRITICAL
GHSA
Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
ghsa·2026-02-10
CVE-2026-21531 [CRITICAL] CWE-502 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network.
OSV
Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
osv·2026-02-10
CVE-2026-21531 [CRITICAL] Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network.
Microsoft
Azure SDK for Python Remote Code Execution Vulnerability
vendor_msrc·2026-02-10·CVSS 9.8
CVE-2026-21531 [CRITICAL] CWE-502 Azure SDK for Python Remote Code Execution Vulnerability
Description: Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
FAQ: How could an attacker exploit this vulnerability?
An attacker could supply a maliciously crafted continuation token that, when processed by the Azure AI Language Conversations Authoring SDK, triggers unsafe deserialization and executes attacker‑controlled code on the system using the SDK.
Azure SDK: Azure SDK
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://pypi.org/project/azure-ai-language-conversations-authoring/1.0.0b4/
No detection rules found.
No public exploits indexed.
Sophos
February’s Patch Tuesday assumes battle stations
blogs_sophos·2026-02-13
Bleepingcomputer
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
blogs_bleepingcomputer·2026-02-10·CVSS 8.8
[HIGH] Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
## Lawrence Abrams
25 Elevation of Privilege vulnerabilities
5 Security Feature Bypass vulnerabilities
12 Remote Code Execution vulnerabilities
6 Information Disclosure vulnerabilities
3 Denial of Service vulnerabilities
7 Spoofing vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 3 Microsoft Edge flaws fixed earlier this month.
As part of these updates, Microsoft has also begun to roll out updated Secure Boot certificates to replace the original 2011 certificates that are expiring in late June 2026.
"With this update, Windows quality updates include a broad set of targeting data that i
Wiz
CVE-2026-21531 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-21531 [CRITICAL] CVE-2026-21531 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21531: Python vulnerability analysis and mitigation
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Source: NVD
Score: 9.8
Published February 10, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Python
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 64
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
azure-ai-language-conversations-authoring
Sources
NVD
pip Severity CRITICAL Has Fix Added at: Feb 15, 2026
Sophos
February’s Patch Tuesday assumes battle stations
blogs_sophos
Microsoft on Tuesday released 58 patches affecting 15 product families. Five of the addressed issues, all involving Azure, are considered by Microsoft to be of Critical severity, though only two require urgent attention (more on that below). Fifteen have a CVSS base score of 8.0 or higher, including two with a 9.8 base score. Six are known to be under active exploit in the wild, and three are publicly disclosed (including one not yet known to be under exploit).
At patch time, five CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation, in addition to the six already detected to be so. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below. The release also