CVE Catalog
CVE-2026-35428
CriticalSummary
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
Risk Assessment
An attacker could exploit this vulnerability to spoof other devices on the network, potentially leading to serious security breaches.
Recommendation
It is recommended to update Azure Cloud Shell to the latest version and implement additional security measures to minimize the risk of command injection.
Original NVD description (English source)
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

