Detections
Analytics

Security Update for Azure Core shared client library for Python < 1.38.0 (January 2026)

high Nessus Plugin ID 283875

Language:

Synopsis

The Azure Core shared client library for Python installation on the remote host is affected by an elevation of privilege vulnerability.

Description

The Azure Core shared client library for Python installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability (CVE-2026-21226).

 - An attacker who successfully exploited this vulnerability could gain elevated privileges by manipulating how the library handles credential caching or environment variable processing in certain configurations.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the 'azure-core' Python package to version 1.38.0 or later.

See Also

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21226

Plugin Details

Severity: High

ID: 283875

File Name: smb_nt_ms26_jan_azure_python_library.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 1/14/2026

Updated: 1/14/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-21226

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:azure_core

Patch Publication Date: 1/13/2026

Vulnerability Publication Date: 1/13/2026

Reference Information

CVE: CVE-2026-21226