CVE-2026-40411
published 2026-05-22CVE-2026-40411: Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.53%
40.5th percentile
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_virtual_network_gateway | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvelistv5v3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g63w-3vwq-rqw8: Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network
ghsa_unreviewed·2026-05-26
CVE-2026-40411 [CRITICAL] CWE-20 GHSA-g63w-3vwq-rqw8: Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
VulDB
Microsoft Azure Virtual Network Gateway input validation
vuldb·2026-05-23
CVE-2026-40411 Microsoft Azure Virtual Network Gateway input validation
A vulnerability, which was classified as very critical, has been found in Microsoft Azure Virtual Network Gateway. Affected by this issue is some unknown functionality. Performing a manipulation results in improper input validation.
This vulnerability is cataloged as CVE-2026-40411. It is possible to initiate the attack remotely. There is no exploit available.
This product operates as a managed service, which prevents users from maintaining vulnerability countermeasures themselves.
CVEList
Azure Virtual Network Gateway Remote Code Execution Vulnerability
cvelistv5·2026-05-22·CVSS 9.9
CVE-2026-40411 [CRITICAL] CWE-20 Azure Virtual Network Gateway Remote Code Execution Vulnerability
Azure Virtual Network Gateway Remote Code Execution Vulnerability
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-22
Published