{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-0000f2d76f73","releaseDate":"2026-05-07T07:00:00-07:00","cveNumber":"CVE-2026-32207","cveTitle":"Azure Machine Learning Notebook Spoofing Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-07T07:00:00-07:00","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32207","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32207","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Machine Learning","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"No action CVE holding pen","articleType":"ReleaseNote","description":"<p>No action CVE holding pen</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Azure Machine Learning Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32207","version":1,"revisionDate":"2026-05-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"428948b5-5928-f111-93f8-000d3afbc7d7"}]}