ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.
AI Analysis
Technical Summary
The Microsoft Qlib _mount_nfs_uri function contains a command injection vulnerability that permits remote code execution by network-adjacent attackers without requiring authentication. The vulnerability arises from insufficient validation of user input before it is used in a system call, enabling attackers to execute arbitrary commands with root privileges. This issue has been assigned a CVSS score of 8.8 by the Zero Day Initiative. The vulnerability was reported to Microsoft on May 22, 2025, and a patch was released on May 31, 2025. The advisory was publicly released on April 15, 2026.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code with root privileges on affected Microsoft Qlib installations. This can lead to full system compromise, including confidentiality, integrity, and availability impacts. No authentication is required, increasing the risk of exploitation by network-adjacent attackers.
Mitigation Recommendations
An official patch addressing this vulnerability was released by Microsoft on May 31, 2025. Users and administrators should apply this update immediately to remediate the issue. Since this is not a cloud service, remediation depends on applying the vendor-provided fix. No additional mitigation steps are indicated in the advisory.
ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Microsoft Qlib _mount_nfs_uri function contains a command injection vulnerability that permits remote code execution by network-adjacent attackers without requiring authentication. The vulnerability arises from insufficient validation of user input before it is used in a system call, enabling attackers to execute arbitrary commands with root privileges. This issue has been assigned a CVSS score of 8.8 by the Zero Day Initiative. The vulnerability was reported to Microsoft on May 22, 2025, and a patch was released on May 31, 2025. The advisory was publicly released on April 15, 2026.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code with root privileges on affected Microsoft Qlib installations. This can lead to full system compromise, including confidentiality, integrity, and availability impacts. No authentication is required, increasing the risk of exploitation by network-adjacent attackers.
Mitigation Recommendations
An official patch addressing this vulnerability was released by Microsoft on May 31, 2025. Users and administrators should apply this update immediately to remediate the issue. Since this is not a cloud service, remediation depends on applying the vendor-provided fix. No additional mitigation steps are indicated in the advisory.
Technical Details
- Article Source
- {"url":"http://www.zerodayinitiative.com/advisories/ZDI-26-275/","fetched":true,"fetchedAt":"2026-05-26T19:58:30.503Z","wordCount":179}
Threat ID: 6a15fc93e29bf47b5055e07d
Added to database: 5/26/2026, 8:03:31 PM
Last enriched: 5/26/2026, 8:08:49 PM
Last updated: 5/27/2026, 4:58:17 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.