🟠 High | Source: Microsoft Security Response Center
CVE-2026-9547 is a vulnerability in an Azure-related SSH implementation where host validation is performed improperly, potentially allowing an attacker to intercept or manipulate SSH connections via a man-in-the-middle attack. This matters because SSH is widely used for secure administrative access to cloud infrastructure, and bypassing host validation undermines the trust model that protects those connections.
Security Architect’s Take: Audit your Azure environments for any services or pipelines relying on SSH connections and ensure host key verification is enforced and not suppressed — review SSH client configurations, automation scripts, and CI/CD tooling for StrictHostKeyChecking=no or equivalent overrides. Apply any available patches or mitigations from Microsoft promptly and consider restricting SSH access to known, trusted networks via NSGs or Azure Bastion.
Original advisory: CVE-2026-9547 SSH improper host validation