🟡 Medium | Source: Microsoft Security Response Center
CVE-2026-41991 is a vulnerability in GNU gzip involving the use of predictable temporary file names, which can be exploited by local attackers to perform symlink attacks or overwrite arbitrary files. This type of flaw can lead to privilege escalation or data corruption, particularly in environments where gzip is invoked by privileged processes. It is relevant to Azure and other cloud environments where gzip is commonly present in Linux-based workloads and container images.
Security Architect’s Take: Review your Azure Linux VMs, container base images, and CI/CD pipelines for affected versions of GNU gzip and apply vendor patches promptly; also assess whether any privileged automation or cron jobs invoke gzip in a way that could be exploited by a lower-privileged user on the same host.
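One way to start the cron review suggested above, as an added example that is not part of the advisory: a POSIX shell function that reads system-crontab text and lists jobs running gzip, gunzip or zcat as a privileged user. The function names, the sample crontab, and the choice of /tmp, /var/tmp and /dev/shm as shared-writable directories are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): list cron jobs that run gzip-family
# tools as a privileged user, reading system-crontab text on stdin
# (/etc/crontab, /etc/cron.d/*: the field after the schedule is the user).
# Output: PRIORITY<TAB>USER<TAB>COMMAND
#   HIGH   = command also names a shared-writable directory (assumed here
#            to be /tmp, /var/tmp or /dev/shm)
#   REVIEW = privileged gzip job with no such path in the command line
audit_cron_gzip() {   # usage: audit_cron_gzip [user1,user2,...] < crontab
    awk -v privs="${1:-root}" '
    BEGIN { n = split(privs, p, ","); for (i = 1; i <= n; i++) priv[p[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }      # VAR=value settings
    {
        u = ($1 ~ /^@/) ? 2 : 6                   # @daily etc. use one schedule field
        if (NF <= u || !($u in priv)) next
        cmd = $(u + 1)
        for (i = u + 2; i <= NF; i++) cmd = cmd " " $i
        # gzip, gunzip or zcat as a whole word, bare or with a path prefix
        if (cmd !~ /(^|[^A-Za-z0-9_.-])(gzip|gunzip|zcat)([^A-Za-z0-9_.-]|$)/) next
        shared = (cmd ~ /(^|[^A-Za-z0-9_])\/(tmp|var\/tmp|dev\/shm)(\/|[ \t]|$)/)
        printf "%s\t%s\t%s\n", (shared ? "HIGH" : "REVIEW"), $u, cmd
    }'
}

# Constructed sample crontab, for demonstration only.
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/sh
# nightly jobs
0 2 * * * root /usr/bin/gzip -9 /tmp/export/app.log
15 3 * * * root gzip -f /var/log/app/old.log
30 3 * * * appuser gzip /tmp/scratch/data.csv
@daily root zcat /var/backups/db.sql.gz > /var/tmp/db.sql
0 4 * * * root /usr/bin/bzip2 /tmp/x.log
0 5 * * * root /usr/bin/rsync -a /srv/ /backup/
EOF
}

sample_crontab | audit_cron_gzip
```

Feed it real input with `cat /etc/crontab /etc/cron.d/* | audit_cron_gzip`. Jobs that reach gzip indirectly, for example through `tar -z` or logrotate's `compress`, are not matched and need a separate look.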
Original advisory: CVE-2026-41991 Predictable Temporary File in GNU gzip