Microsoft Azure SDK Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in the Azure SDK for Python. This issue arises from the deserialization of untrusted data, which allows an unauthorized attacker to execute code over the network. The vulnerability is present in the Azure AI Language Conversations Authoring SDK, specifically in version 1.0.0b4.

Impact

Exploitation of this vulnerability allows for remote code execution on the system where the affected Azure SDK is used.

Reproduction

To reproduce this vulnerability, an attacker can supply a maliciously crafted continuation token to the Azure AI Language Conversations Authoring SDK. When the SDK processes this token, it triggers unsafe deserialization, leading to the execution of attacker-controlled code on the system.

Remediation

Users can update to version 1.0.0b4 of the Azure AI Language Conversations Authoring SDK to address this vulnerability.
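Independently of the SDK version in use, a service that hands continuation tokens to clients and later accepts them back can refuse any token it did not issue itself, so attacker-supplied bytes never reach the SDK's deserializer. The following is an added example, not code from this advisory or from the Azure SDK; the names `seal_token` and `open_token`, the wire layout, and the key handling are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

MAC_LEN = 32  # size of an HMAC-SHA256 tag in bytes
TS_LEN = 8    # size of the big-endian issue timestamp


def seal_token(token: str, key: bytes, now: Optional[float] = None) -> str:
    """Wrap an SDK-issued continuation token with an issue time and HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = issued.to_bytes(TS_LEN, "big") + token.encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode("ascii")


def open_token(sealed: str, key: bytes, max_age: int = 3600,
               now: Optional[float] = None) -> str:
    """Return the inner token only if the tag verifies and the token is fresh.

    Raises ValueError otherwise; the caller must then pass nothing to the SDK.
    """
    try:
        raw = base64.urlsafe_b64decode(sealed.encode("ascii"))
    except ValueError as exc:  # covers binascii.Error and UnicodeEncodeError
        raise ValueError("malformed token") from exc
    if len(raw) < MAC_LEN + TS_LEN:
        raise ValueError("malformed token")
    tag, body = raw[:MAC_LEN], raw[MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison; the check runs before the payload is interpreted.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token was not issued by this service")
    issued = int.from_bytes(body[:TS_LEN], "big")
    current = time.time() if now is None else now
    if not 0 <= current - issued <= max_age:
        raise ValueError("token expired")
    return body[TS_LEN:].decode("utf-8")


if __name__ == "__main__":
    demo_key = b"\x01" * 32              # constructed key, for the demo only
    sealed = seal_token("opaque-sdk-token", demo_key)  # constructed token value
    print(open_token(sealed, demo_key))
```

Only the value returned by `open_token` is handed to the SDK; the key stays server-side and is never derived from client input.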

Added: Feb 10, 2026, 6:27 PM
Updated: Feb 10, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.1
remediation: 0.0
relevance: 2.7
threat: 1.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.