CRITICALAi
Verified
Global
Critical RCE Chain in Microsoft Azure Kubernetes Service Exposes Cloud Workloads
·Source: Microsoft MSRC / Wiz Research
Updated:
Executive Summary
Three chained vulnerabilities in Azure AKS allow container escape and host node RCE. 40% of AKS clusters were vulnerable before patching.
Analysis
Wiz Research discovered a chain: CVE-2026-21345 (OverlayFS container escape), CVE-2026-21346 (kubelet auth bypass), CVE-2026-21347 (RBAC privilege escalation to cluster-admin). Microsoft has auto-patched managed clusters.
Timeline
Discovered
Mar 15, 2026
Published
Mar 28, 2026
Patch Available
Mar 28, 2026