CVE-2026-23655: CWE-312: Cleartext Storage of Sensitive Information in Microsoft Microsoft ACI Confidential Containers
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
AI Analysis
Technical Summary
This vulnerability (CWE-312) involves the cleartext storage of sensitive information in Microsoft ACI Confidential Containers, specifically within Azure Compute Gallery. An attacker with authorized access and network connectivity could potentially disclose sensitive data due to the lack of encryption at rest. The vulnerability affects version 1.0.0 of the product. Microsoft, as the vendor of this cloud-hosted service, has released an official fix and manages remediation server-side. The CVSS score of 6.5 reflects a medium severity with high confidentiality impact but no integrity or availability impact.
Potential Impact
An authorized attacker with network access can disclose sensitive information stored in cleartext, potentially leading to confidentiality breaches. There is no impact on integrity or availability. No known exploits are currently reported in the wild.
Mitigation Recommendations
Microsoft has released an official fix for this vulnerability and manages remediation for this cloud-hosted service. Users should ensure their Microsoft ACI Confidential Containers environment is updated according to the vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23655. No additional mitigation actions are required beyond applying the official fix.
CVE-2026-23655: CWE-312: Cleartext Storage of Sensitive Information in Microsoft Microsoft ACI Confidential Containers
Description
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-312) involves the cleartext storage of sensitive information in Microsoft ACI Confidential Containers, specifically within Azure Compute Gallery. An attacker with authorized access and network connectivity could potentially disclose sensitive data due to the lack of encryption at rest. The vulnerability affects version 1.0.0 of the product. Microsoft, as the vendor of this cloud-hosted service, has released an official fix and manages remediation server-side. The CVSS score of 6.5 reflects a medium severity with high confidentiality impact but no integrity or availability impact.
Potential Impact
An authorized attacker with network access can disclose sensitive information stored in cleartext, potentially leading to confidentiality breaches. There is no impact on integrity or availability. No known exploits are currently reported in the wild.
Mitigation Recommendations
Microsoft has released an official fix for this vulnerability and manages remediation for this cloud-hosted service. Users should ensure their Microsoft ACI Confidential Containers environment is updated according to the vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23655. No additional mitigation actions are required beyond applying the official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2026-01-14T16:59:33.462Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- official-fix
- Is Cloud Service
- true
- Vendor Advisory Urls
- [{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23655","vendor":"Microsoft"}]
Threat ID: 698b76074b57a58fa120a6cb
Added to database: 2/10/2026, 6:16:39 PM
Last enriched: 5/12/2026, 5:16:37 AM
Last updated: 5/22/2026, 7:24:01 AM
Views: 373
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.