CVE-2026-21531: Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

February 10, 2026 (updated February 12, 2026)

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

References

github.com/Azure/azure-sdk-for-python
github.com/advisories/GHSA-436v-jg82-p533
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21531
nvd.nist.gov/vuln/detail/CVE-2026-21531

Code Behaviors & Features

Detect and mitigate CVE-2026-21531 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →