CVE-2026-21529

Опубликовано: 10 фев. 2026

Источник: msrc

CVSS3: 5.7

EPSS Низкий

Описание

Azure HDInsight Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.

What additional customer action is needed to be protected?

The customer action needed is to restart Ambari server in both of the head nodes to have this fix updated.

Обновления

Продукт	Статья	Обновление
Azure HDInsight	Release Notes Release Notes	Security Update Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

EPSS

Процентиль: 12%

0.0004

Низкий

5.7 Medium

CVSS3

Связанные уязвимости

CVE-2026-21529

CVSS3: 5.7

nvd

около 2 месяцев назад

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

GHSA-8754-7pfj-x7mr

CVSS3: 5.7

github

около 2 месяцев назад

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

BDU:2026-01811

CVSS3: 5.7

fstec

около 2 месяцев назад

Уязвимость службы аналитики данных Azure HDInsights, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 12%

0.0004

Низкий

5.7 Medium

CVSS3