// Alert

Microsoft Azure threat report

Microsoft disclosed CVE-2026-42015, a critical off-by-one memory corruption vulnerability in GnuTLS PKCS#12 parsing affecting Azure Kubernetes Service (AKS) hybrid nodes, Windows Subsystem for Linux (WSL), and containerized workloads. The flaw enables remote code execution when processing specially crafted certificate files. Patches are available via GnuTLS 3.8.9 and Windows Update, but administrators must update both host and all container/WSL instances to fully mitigate risk.

// Get alerts for Microsoft Azure