🟠 High | Source: Microsoft Security Response Center
CVE-2026-8926 is a vulnerability in which passwords can be inadvertently exposed when a URL contains both user credentials and a .netrc file reference, potentially allowing an attacker to harvest plaintext credentials. This affects Azure-related tooling or SDKs that process such URLs. The risk is significant because credential leakage can lead to unauthorised access to cloud resources and sensitive data.
Security Architect’s Take: Audit any automation pipelines, scripts, or CI/CD workflows that construct URLs with embedded credentials or rely on .netrc files for authentication — migrate to token-based or managed identity authentication immediately, and rotate any credentials that may have been exposed.
Original advisory: CVE-2026-8926 password leak with netrc and user in URL