CVE-2026-35428

Daily digests

A command injection bug in Azure Cloud Shell lets an unauthenticated attacker spoof actions over the network. CVSS 9.6 puts this near the top of the severity scale. Microsoft hasn't published deep technical details yet, but the combination of command injection and no auth requirement makes this one to act on fast.

• Daily Digest · May 8, 2026

  Linux ksmbd RCE (9.8) + Azure Cloud Shell injection