CVE-2026-23655
📋 TL;DR
This vulnerability in Azure Compute Gallery allows cleartext storage of sensitive information, enabling authorized attackers to access and disclose this data over the network. It affects organizations using Azure Compute Gallery with sensitive information stored in gallery artifacts. The risk primarily impacts cloud environments where gallery resources are shared or exposed.
💻 Affected Systems
- Azure Compute Gallery
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete disclosure of sensitive information including credentials, API keys, or proprietary data stored in gallery artifacts to unauthorized parties, potentially leading to account compromise, data breaches, and regulatory violations.
Likely Case
Authorized users with gallery access can view sensitive information they shouldn't have access to, leading to internal data exposure and potential privilege escalation within the Azure environment.
If Mitigated
With proper access controls and encryption, impact is limited to authorized users who already have some level of access to the gallery resources.
🎯 Exploit Status
Exploitation requires authorized access to Azure Compute Gallery. Attack complexity is low once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest Azure Compute Gallery service update
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23655
Restart Required: No
Instructions:
1. Update Azure Compute Gallery to the latest version via the Azure Portal.
2. Ensure all gallery artifacts are encrypted.
3. Review and update access controls for gallery resources.
🔧 Temporary Workarounds
Enable encryption for gallery artifacts
Configure encryption for all sensitive information stored in gallery artifacts
az sig gallery-application update --resource-group <RG> --gallery-name <GalleryName> --name <AppName> --enable-encryption true
Restrict gallery access
Implement strict RBAC controls to limit who can access gallery resources
az role assignment create --assignee <UserOrGroup> --role 'Reader' --scope $(az sig show --resource-group <RG> --gallery-name <GalleryName> --query id -o tsv)
🧯 If You Can't Patch
- Remove all sensitive information from gallery artifacts and store in Azure Key Vault or other encrypted storage
- Implement network security groups to restrict access to gallery endpoints and enable audit logging for all gallery access
🔍 How to Verify
Check if Vulnerable:
Check if sensitive information is stored unencrypted in gallery artifacts:
az sig gallery-application show --resource-group <RG> --gallery-name <GalleryName> --name <AppName> --query 'encryptionSettings'
Check Version:
az version --query '"azure-cli"' -o tsv
Verify Fix Applied:
Verify encryption is enabled and no cleartext sensitive data remains:
az sig gallery-application show --resource-group <RG> --gallery-name <GalleryName> --name <AppName> --query 'encryptionSettings.enabled'
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to gallery artifacts
- Multiple failed attempts to access encrypted resources
- Access from unexpected IP addresses or locations
Network Indicators:
- Unencrypted data transmission containing sensitive information
- Traffic to gallery endpoints from unauthorized sources
SIEM Query:
AzureActivity | where OperationNameValue contains "Microsoft.Compute/galleries" and ResultType == "Success" | summarize count() by CallerIpAddress, Caller, bin(TimeGenerated, 1h)
(TimeGenerated is bucketed into hourly bins; summarizing on the raw timestamp would produce one row per event and hide access bursts.)
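The following is an added example, not part of this advisory, showing the same summarization as the SIEM query above applied offline to constructed AzureActivity-style records, plus the "unusual access pattern" and "unexpected IP" checks listed under Log Indicators. The sample records, the allowlist of known caller IPs and the burst threshold are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed AzureActivity-style records for illustration only (not real logs).
# Column names match the AzureActivity table columns used in the SIEM query.
SAMPLE_RECORDS = [
    {"TimeGenerated": "2026-01-10T08:01:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/read",
     "ResultType": "Success", "Caller": "alice@example.com", "CallerIpAddress": "10.0.0.5"},
    {"TimeGenerated": "2026-01-10T08:15:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/read",
     "ResultType": "Success", "Caller": "alice@example.com", "CallerIpAddress": "10.0.0.5"},
    {"TimeGenerated": "2026-01-10T08:20:00Z", "OperationNameValue": "Microsoft.Compute/galleries/read",
     "ResultType": "Success", "Caller": "bob@example.com", "CallerIpAddress": "10.0.0.6"},
    {"TimeGenerated": "2026-01-10T09:05:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/versions/read",
     "ResultType": "Success", "Caller": "alice@example.com", "CallerIpAddress": "203.0.113.44"},
    {"TimeGenerated": "2026-01-10T09:06:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/versions/read",
     "ResultType": "Success", "Caller": "alice@example.com", "CallerIpAddress": "203.0.113.44"},
    {"TimeGenerated": "2026-01-10T09:07:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/versions/read",
     "ResultType": "Success", "Caller": "alice@example.com", "CallerIpAddress": "203.0.113.44"},
    # Failed attempt: excluded by the ResultType filter
    {"TimeGenerated": "2026-01-10T09:08:00Z", "OperationNameValue": "Microsoft.Compute/galleries/applications/versions/read",
     "ResultType": "Failed", "Caller": "alice@example.com", "CallerIpAddress": "203.0.113.44"},
    # Non-gallery operation: excluded by the OperationNameValue filter
    {"TimeGenerated": "2026-01-10T09:10:00Z", "OperationNameValue": "Microsoft.Compute/virtualMachines/read",
     "ResultType": "Success", "Caller": "carol@example.com", "CallerIpAddress": "10.0.0.6"},
]

# Assumed allowlist of addresses from which the gallery is normally administered (placeholder values).
KNOWN_CALLER_IPS = {"10.0.0.5", "10.0.0.6"}

GALLERY_OP_PREFIX = "Microsoft.Compute/galleries"


def _hour_bucket(ts: str) -> str:
    """Equivalent of bin(TimeGenerated, 1h): truncate an ISO-8601 UTC timestamp to the hour."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return dt.replace(minute=0, second=0, microsecond=0).isoformat()


def gallery_success_events(records):
    """Equivalent of the KQL where clause: successful operations on gallery resources only."""
    return [
        r for r in records
        if GALLERY_OP_PREFIX in r["OperationNameValue"] and r["ResultType"] == "Success"
    ]


def summarize_by_caller(records):
    """Equivalent of summarize count() by CallerIpAddress, Caller, bin(TimeGenerated, 1h)."""
    return Counter(
        (r["CallerIpAddress"], r["Caller"], _hour_bucket(r["TimeGenerated"]))
        for r in gallery_success_events(records)
    )


def flag_findings(summary, known_ips, burst_threshold=3):
    """Apply the Log Indicators: callers from unexpected IPs, or bursts of gallery reads in one hour."""
    findings = []
    for (ip, caller, bucket), n in sorted(summary.items()):
        reasons = []
        if ip not in known_ips:
            reasons.append("unexpected source IP")
        if n >= burst_threshold:
            reasons.append(f"{n} successful gallery operations within one hour")
        if reasons:
            findings.append({"ip": ip, "caller": caller, "hour": bucket, "count": n, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_findings(summarize_by_caller(SAMPLE_RECORDS), KNOWN_CALLER_IPS):
        print(finding)
```

Replace SAMPLE_RECORDS with rows exported from Log Analytics and KNOWN_CALLER_IPS with the organization's actual administrative egress ranges; the burst threshold should be tuned against a baseline of normal gallery activity before it is used for alerting.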