GHSA-436v-jg82-p533

Source

https://github.com/advisories/GHSA-436v-jg82-p533

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-436v-jg82-p533

Aliases

CVE-2026-21531

Published

2026-02-10T18:30:42Z

Modified

2026-02-12T19:32:57.172347Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Details

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2026-02-10T18:16:35Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "github_reviewed_at": "2026-02-12T18:28:29Z",
    "severity": "CRITICAL"
}

References

Affected packages

PyPI / azure-ai-language-conversations-authoring

Package

Name: azure-ai-language-conversations-authoring; View open source insights on deps.dev
Purl: pkg:pypi/azure-ai-language-conversations-authoring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0b4

Affected versions

1.*

1.0.0b1

1.0.0b2

1.0.0b3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json"