CVE-2026-21522: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Microsoft ACI Confidential Containers
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2026-21522 is a vulnerability classified under CWE-77 (Improper Neutralization of Special Elements used in a Command, i.e., command injection) affecting Microsoft ACI Confidential Containers, a component of Azure Compute Gallery. The vulnerability arises from insufficient sanitization of special characters or elements in commands processed by the container environment, enabling an attacker with authorized access and high privileges to inject and execute arbitrary commands locally. This can lead to privilege escalation, allowing the attacker to gain unauthorized control over containerized workloads or the host environment. The affected version is 1.0.0, and the vulnerability was published on February 10, 2026. The CVSS v3.1 base score is 6.7, indicating a medium severity level, with the vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access, low complexity, high privileges, no user interaction, and impacts confidentiality, integrity, and availability. No public exploits have been reported, and no patches are currently linked, suggesting that mitigation may rely on vendor updates or configuration changes. The vulnerability's exploitation could compromise sensitive data, disrupt services, or allow further lateral movement within affected environments.
Potential Impact
For European organizations, the impact of CVE-2026-21522 is significant due to the potential for local privilege escalation within containerized environments running on Azure infrastructure. Confidentiality could be compromised by unauthorized access to sensitive container workloads or data. Integrity risks include unauthorized modification of containerized applications or configurations, potentially leading to persistent backdoors or altered behavior. Availability could be affected if attackers disrupt container operations or the underlying host. Organizations relying on Microsoft ACI Confidential Containers for critical workloads, especially in regulated sectors such as finance, healthcare, or government, face increased risk of data breaches or service outages. The requirement for high privileges limits exposure to insiders or compromised accounts but does not eliminate risk, especially in complex cloud environments where privilege boundaries may be blurred. The lack of current public exploits provides a window for proactive mitigation, but the absence of patches necessitates immediate compensating controls.
Mitigation Recommendations
1. Restrict access to Microsoft ACI Confidential Containers to only trusted administrators and users with a strict need for high privileges.
2. Implement robust identity and access management (IAM) policies, including multi-factor authentication and least privilege principles, to reduce the risk of credential compromise.
3. Monitor and audit container activity and command execution logs for unusual or unauthorized commands indicative of exploitation attempts.
4. Isolate container workloads and limit lateral movement by using network segmentation and container runtime security features.
5. Stay informed on vendor advisories and apply patches or updates promptly once available.
6. Consider deploying runtime application self-protection (RASP) or container security tools that can detect and block command injection attempts.
7. Conduct regular security assessments and penetration testing focused on container environments to identify and remediate similar injection vulnerabilities.
8. Use input validation and sanitization best practices in any custom scripts or automation interacting with the container environment to prevent injection vectors.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-12-30T18:10:54.846Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698b76064b57a58fa120a69b
Added to database: 2/10/2026, 6:16:38 PM
Last enriched: 2/18/2026, 8:41:01 AM
Last updated: 2/21/2026, 12:20:10 AM
Views: 29
Related Threats
- CVE-2026-27203: CWE-15: External Control of System or Configuration Setting in YosefHayim ebay-mcp (High)
- CVE-2026-27168: CWE-122: Heap-based Buffer Overflow in HappySeaFox sail (High)
- CVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator (High)
- CVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno (High)
- CVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf (Medium)