🟠 High | Source: Microsoft Security Response Center
CVE-2026-10846 is a vulnerability affecting an Azure-related component where DNS or network query responses are not sufficiently verified as belonging to their originating query. This type of flaw can allow an attacker to inject malicious responses, potentially leading to data interception, traffic redirection, or cache poisoning. It matters because cloud workloads relying on DNS resolution or similar request-response protocols could be silently redirected without triggering obvious alerts.
Security Architect’s Take: Review whether affected Azure services or client components are exposed to untrusted networks, and apply any available patches or mitigations from Microsoft promptly. In the interim, consider enforcing DNS-over-HTTPS or DNSSEC where feasible, and audit network segmentation to limit the attack surface for response injection.
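The class of check named in the advisory title, sketched for DNS over UDP as an added example (not Microsoft's code and not a description of the affected component): a reply is accepted only when it comes from the server that was queried and echoes the transaction ID and question exactly. All function names, the sample query and the addresses are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(txid, name, qtype=1, qclass=1):
    """Minimal query: 12-byte header (RD set, one question) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (txid, flags, qdcount, raw_qname, qtype, qclass)."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    pos = 12
    while pos < len(msg) and msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1 + msg[pos]
    if pos + 5 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, flags, qdcount, msg[12:pos + 1], qtype, qclass

def response_matches(query, sent_to, response, received_from):
    """True only if the response is bound to this outstanding query."""
    try:
        q_id, _, _, q_name, q_type, q_class = parse_question(query)
        r_id, r_flags, r_qd, r_name, r_type, r_class = parse_question(response)
    except ValueError:
        return False
    return (received_from == sent_to          # same server IP and port
            and (r_flags & 0x8000) != 0       # QR bit: it is a response
            and r_qd == 1                     # exactly one question echoed
            and r_id == q_id                  # transaction ID
            and r_name == q_name              # byte-exact, so 0x20 case mixing counts
            and (r_type, r_class) == (q_type, q_class))

def demo():
    """Constructed sample: one good reply and three that must be rejected."""
    server, other = ("192.0.2.53", 53), ("198.51.100.9", 53)  # documentation addresses
    query = build_query(0x1A2B, "ExAmPle.test")
    good = query[:2] + b"\x81\x80" + query[4:]                # same message, QR bit set
    wrong_id = b"\x00\x01" + good[2:]
    wrong_case = good[:12] + encode_name("example.test") + good[-4:]
    tries = [(good, server), (wrong_id, server), (wrong_case, server), (good, other)]
    return [response_matches(query, server, r, src) for r, src in tries]
```

A UDP client would also confirm the reply arrived on the socket and source port the query left from, which this sketch does not model.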
Original advisory: CVE-2026-10846 Insufficient verification that responses belong to a query