Multiple vulnerabilities in Microsoft Azure Linux (July 7, 2026)
Multiple vulnerabilities have been discovered in Microsoft Azure Linux. They allow an attacker to cause an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities allow for unspecified security issues.
- Who is affected
- Deployments of Microsoft Azure Linux are affected.
- Urgency
- The urgency is unclear due to the unspecified nature of the vulnerabilities.
- Action
- Check for updates and apply any available patches.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Microsoft Azure Linux
Get an email when a new Microsoft Azure Linux advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0841/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-135950.11% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
- Low exploitation riskCVE-2025-156610.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
- Low exploitation riskCVE-2026-142580.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-31960.10% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 1% of all scored CVEs.
- Low exploitation riskCVE-2026-116230.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-415790.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-116250.31% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 23% of all scored CVEs.
- Low exploitation riskCVE-2026-580580.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
- Low exploitation riskCVE-2026-551990.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-13595 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-15661 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-14258 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-3196 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-11623 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-41579 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-11625 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-58058 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-55199 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] libssh2: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] nmap: Vulnerability allows denial of servicecert-bund
- mediumCVE-2026-14258: Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router a…msrc
- lowCVE-2026-41579: runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violatio…msrc
- mediumCVE-2026-14258: A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specia…nvd
- lowCVE-2026-41579: runc is a CLI tool for spawning and running containers according to the OCI specification. In …nvd
- mediumCVE-2026-13595: A flaw was found in the libblkid library of util-linux. During nested partition probing, the B…nvd
- mediumCVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in i…nvd
- highCVE-2026-11625: Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked proces…nvd
- unknownDSA-6365-1 libssh2 - security updatedebian
- unknownNCSC-2026-0210 [1.01] [M/H] Vulnerabilities fixed in libssh2 by libsshncsc-nl
- mediumCVE-2025-15661: libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.cmsrc
Recent advisories for Microsoft Azure Linux
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMultiple vulnerabilities in Microsoft Azure Linux (July 10, 2026)cert-fr-avis · 2026-07-10
- unknownMultiple vulnerabilities in Microsoft Azure Linux (July 09, 2026)cert-fr-avis · 2026-07-09
- unknownMultiple vulnerabilities in Microsoft Azure Linux (June 29, 2026)cert-fr-avis · 2026-06-29
- unknownMultiple vulnerabilities in Microsoft Azure Linux (June 25, 2026)cert-fr-avis · 2026-06-25
- unknownMultiple vulnerabilities in Microsoft Azure Linux (June 24, 2026)cert-fr-avis · 2026-06-24
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10