NVD CRITICAL: CVE-2026-35428 — Improper neutralization of special elements used in a command ('command injectio...

Thursday, May 7, 2026 at 10:16 PM UTC·Source: NIST NVD

Updated: Monday, May 11, 2026 at 10:00 AM UTC

Executive Summary

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Analysis

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. CVSS Score: 9.6. Published: 2026-05-07T22:16:34.667.

Indicators of Compromise (1)

CVE (1)

CVE-2026-35428

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Restive Ventures raises $45 million for AI-native fintech fund

Restive Ventures, the early-stage venture firm, announced the close of its third fund, Restive Fund III, with $45 million in committed capital, reinforcing its conviction in a new category of AI-native financial services companies reshaping the global financial system.

Just nowFinextra

MEDIUMVulnerabilityNEW

University Centre Leeds opens applications for new fintech degree

A brand new degree, designed to equip learners with the future-ready skills needed to thrive in FinTech, one of the fastest-growing global sectors, is starting in September 2026 at University Centre Leeds.

3m agoFinextra

MEDIUMVulnerability

Total Payments moves into business banking

A UK payments provider is extending into offering business bank accounts as it looks to help small firms streamline their financial workings.

1h agoFinextra