Introduction
A critical command injection flaw in Azure Cloud Shell, scored at CVSS 9.6, could have allowed an unauthorized attacker to perform network spoofing by exploiting how the service processes user supplied input. What makes this disclosure notable is not just the severity, but the remediation model: Microsoft patched the vulnerability entirely on the server side before public disclosure, meaning no Azure customer needs to take any action.
This CVE is part of Microsoft's transparency initiative for cloud service vulnerabilities, announced in June 2024. Under this policy, Microsoft now assigns CVE IDs to critical cloud service flaws even when the fix has already been silently deployed. The exclusively-hosted-service tag on the CVE.org record signals this classification, helping defenders and security tools distinguish between vulnerabilities requiring customer remediation and those already handled by the cloud provider.
Technical Information
Vulnerability Classification
CVE-2026-35428 is classified under CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection). The vulnerability resides in Azure Cloud Shell, which is an interactive, authenticated, browser accessible terminal used for managing Azure resources. Cloud Shell sessions run on temporary hosts provided on a per user basis, featuring a 20 minute idle timeout and a 5 GB file share for persistent storage.
Root Cause
The core issue stems from how Azure Cloud Shell handles user supplied input. Insufficient neutralization of special elements in commands allowed an attacker to inject malicious content, ultimately enabling spoofing over a network. While detailed exploit mechanics have not been published by Microsoft or in public disclosures, the CWE-77 classification tells us that the service failed to properly sanitize or escape special characters before incorporating user input into command constructions on the backend.
CVSS 3.1 Breakdown
The full CVSS 3.1 vector string is: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
| Metric | Value | Operational Meaning |
|---|---|---|
| Attack Vector | Network | The vulnerable component is bound to the network stack. |
| Attack Complexity | Low | Exploitation does not require advanced conditions. |
| Privileges Required | None | The attacker does not need prior authentication. |
| User Interaction | Required | A user must interact for the exploit to trigger. |
| Scope | Changed | The vulnerability impacts resources beyond the vulnerable component. |
| Confidentiality | High | Total loss of information confidentiality. |
| Integrity | High | Total compromise of system integrity. |
| Availability | High | Total loss of availability. |
Attack Flow
Based on the available information, the attack flow can be described as follows:
-
Initial Setup: The attacker crafts a malicious payload that exploits the command injection flaw in Azure Cloud Shell. No prior authentication to the target environment is required (Privileges Required: None).
-
User Interaction: The attack requires some form of user interaction (UI:R). This likely means the attacker must lure a legitimate Azure Cloud Shell user into triggering the injected command, potentially through a crafted link or a social engineering vector that causes the victim to interact with a malicious input within their Cloud Shell session.
-
Command Injection: Once the user interaction occurs, the improperly neutralized input is processed by the Cloud Shell backend, executing the injected command elements.
-
Spoofing and Scope Change: The injected command enables spoofing over the network. The "Changed" scope indicates that the impact extends beyond the Cloud Shell component itself, potentially affecting other Azure resources or services accessible from the compromised session context. The high ratings across confidentiality, integrity, and availability suggest the attacker could read sensitive data, modify resources, and disrupt service availability.
Detailed exploit mechanics beyond this analysis are not available in public disclosures, which limits independent verification of the precise injection point and payload structure.
Patch Information
Microsoft has fully resolved CVE-2026-35428 through a server side fix applied directly to the Azure Cloud Shell infrastructure. No customer action is required. The MSRC advisory, published on May 7, 2026, explicitly states: "This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take."
Because Azure Cloud Shell is an exclusively hosted service managed entirely by Microsoft, the patch was deployed to the backend environment without the need for customer downloadable updates, KB articles, or build number changes. The MSRC Security Update Guide reflects this by listing Customer Action Required: Not Required in the security updates table for the single affected product entry (Azure Cloud Shell). The CVSS temporal metric for Remediation Level is set to Official Fix (O), confirming that a complete vendor solution is in place.
In practical terms, if you are an Azure Cloud Shell user, the command injection flaw that could have allowed an unauthorized attacker to perform spoofing over the network has already been neutralized at the platform level. There are no patches to download, no configuration changes to make, and no upgrade steps to follow. Microsoft handled the full remediation lifecycle internally before public disclosure.
That said, organizations should still consider the following validation steps:
- Ensure that Cloud Shell usage is restricted to trusted entry points such as the official Azure portal and Visual Studio Code extensions.
- Monitor for unusual administrative actions or unexpected Cloud Shell session initiations around the May 7, 2026 publication date.
- Review Azure activity logs for any anomalous behavior in Cloud Shell sessions during the window before the fix was deployed.
Affected Systems and Versions
The affected product is Azure Cloud Shell. Because this is an exclusively hosted cloud service, traditional version numbers, build identifiers, or downloadable software versions do not apply. The CVE.org record and NVD listing do not specify affected version ranges, which is consistent with the server side nature of the service.
All users of Azure Cloud Shell prior to Microsoft's server side remediation (deployed before the May 7, 2026 public disclosure) were potentially affected. The fix has been applied universally across the Azure Cloud Shell infrastructure, so all current sessions operate on the patched environment.
Vendor Security History
The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services. Their deployment of a server side fix for this cloud service vulnerability without requiring customer intervention demonstrates a mature incident response capability. This CVE is part of a broader transparency initiative Microsoft announced in June 2024, under which the company now assigns CVE IDs to critical cloud service flaws even when customers do not need to apply patches. This policy shift is designed to provide visibility into vulnerabilities that were previously fixed silently on the server side, giving defenders and security tools better awareness of the threat landscape.
References
- MSRC Advisory: CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
- NVD Entry: CVE-2026-35428
- CVE Record: CVE-2026-35428
- Microsoft: What is Azure Cloud Shell?
- Microsoft MSRC Blog: Toward Greater Transparency, Unveiling Cloud Service CVEs
- The Hacker Wire: CVE-2026-35428 Analysis
- CISA Known Exploited Vulnerabilities Catalog
- Microsoft Security Update Guide
- MSRC Deployments



