CVE-2026-21531
CRITICALMicrosoft Azure Conversation Authorin... - Insecure Deserialization
Title source: ruleDescription
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Exploits (2)
github
WORKING POC
10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-21531
nomisec
SUSPICIOUS
4 stars
by NetVanguard-cmd · poc
https://github.com/NetVanguard-cmd/CVE-2026-21531
Scores
CVSS v3
9.8
EPSS
0.0048
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (3)
Microsoft/Azure AI Language Authoring
1.0.0 - 1.0.0b4
microsoft/azure_conversation_authoring_client_library
1.0.0 beta1 (3 CPE variants)
pypi/azure-ai-language-conversations-authoring
0 - 1.0.0b4PyPI
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026