📄 Description (English)
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
🤖 AI Executive Summary
CVE-2026-26147 is a high-severity information disclosure vulnerability in Azure Compute Gallery affecting authorized users. The improper input validation flaw allows attackers with valid credentials to extract sensitive information over the network. With a CVSS score of 7.7 and no available patch, this poses an immediate risk to organizations using Azure infrastructure for image management and deployment.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 26, 2026 19:36
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations heavily reliant on Azure cloud infrastructure face significant risk, particularly: (1) Banking sector (SAMA-regulated institutions) storing customer data and transaction images in Azure Compute Gallery; (2) Government agencies (NCA oversight) using Azure for secure image repositories; (3) Healthcare providers managing medical imaging and patient records; (4) Energy sector (ARAMCO and subsidiaries) utilizing Azure for operational technology image management; (5) Telecommunications (STC, Mobily) managing infrastructure images. The vulnerability allows authorized insiders or compromised accounts to exfiltrate sensitive operational and customer data without detection.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Cloud Service Providers
Enterprise IT Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all Azure Compute Gallery access logs for suspicious activity and unauthorized image access attempts
2. Review and restrict Azure Compute Gallery permissions to principle of least privilege; remove unnecessary user access
3. Enable Azure Activity Logging and configure alerts for Compute Gallery read/export operations
4. Implement network segmentation to limit Compute Gallery access to authorized networks only
5. Enforce multi-factor authentication (MFA) for all accounts with Compute Gallery access
Compensating Controls (until patch available):
6. Deploy Azure Policy to restrict Compute Gallery operations by resource type and location
7. Implement Azure Sentinel detection rules for anomalous Compute Gallery queries and bulk image access
8. Enable Azure Storage encryption and implement customer-managed keys for sensitive image repositories
9. Conduct immediate credential audit; rotate passwords for all privileged Azure accounts
10. Monitor for CVE-2026-26147 patch release from Microsoft and apply immediately upon availability
Detection Rules:
- Alert on Compute Gallery API calls with unusual query parameters or filter conditions
- Monitor for bulk image listing or export operations outside normal business hours
- Track failed authentication attempts followed by successful access to Compute Gallery
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع سجلات الوصول إلى معرض Azure Compute للبحث عن نشاط مريب ومحاولات وصول غير مصرح بها للصور
2. مراجعة وتقييد أذونات معرض Azure Compute لمبدأ أقل امتياز؛ إزالة الوصول غير الضروري للمستخدمين
3. تفعيل تسجيل نشاط Azure وتكوين التنبيهات لعمليات قراءة وتصدير معرض Compute
4. تنفيذ تقسيم الشبكة لتحديد وصول معرض Compute للشبكات المصرح بها فقط
5. فرض المصادقة متعددة العوامل (MFA) لجميع الحسابات التي تحتوي على وصول معرض Compute
الضوابط التعويضية (حتى توفر التصحيح):
6. نشر سياسة Azure لتقييد عمليات معرض Compute حسب نوع المورد والموقع
7. تنفيذ قواعد الكشف في Azure Sentinel للاستعلامات غير الطبيعية لمعرض Compute والوصول الجماعي للصور
8. تفعيل تشفير Azure Storage وتنفيذ المفاتيح المدارة من قبل العميل لمستودعات الصور الحساسة
9. إجراء تدقيق فوري للبيانات الاعتمادية؛ تدوير كلمات المرور لجميع حسابات Azure ذات الامتيازات
10. مراقبة إصدار تصحيح CVE-2026-26147 من Microsoft وتطبيقه فوراً عند توفره
قواعد الكشف:
- تنبيه على استدعاءات API معرض Compute بمعاملات استعلام غير عادية أو شروط تصفية
- مراقبة عمليات قائمة الصور الجماعية أو التصدير خارج ساعات العمل العادية
- تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح إلى معرض Compute
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policy
ECC 2024 A.8.2.1 - User Registration and De-registration
ECC 2024 A.8.2.3 - User Access Rights Review
ECC 2024 A.9.2.1 - User Identification and Authentication
ECC 2024 A.9.2.5 - Access Rights Review
ECC 2024 A.12.4.1 - Event Logging
ECC 2024 A.12.4.3 - Administrator and Operator Logs
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.AC-4 - Access Rights Management
SAMA CSF DE.AE-1 - Audit Logging
SAMA CSF DE.CM-1 - System Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.3 - Segregation of Duties
ISO 27001:2022 A.8.2 - User Registration and De-registration
ISO 27001:2022 A.8.3 - User Access Provisioning
ISO 27001:2022 A.9.2 - User Identification and Authentication
ISO 27001:2022 A.9.4 - Access Rights Review
ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 3.2.1 - Strong Cryptography for Authentication
PCI DSS 7.1 - Limit Access to System Components
PCI DSS 8.1 - Assign Unique ID to Each User
PCI DSS 10.2 - Implement Automated Audit Trails
📦 Affected Products / CPE 1 entries
microsoft:azure_stack_hci:-