CVE-2026-9076: CMS Decryption Out-of-Bounds Read | Azure
🟠 High | Source: Microsoft Security Response Center CVE-2026-9076 is an out-of-bounds read vulnerability in CMS (Cryptographic Message Syntax) password-based decryption, disclosed via Microsoft’s Security Response Center. This type of flaw can allow an attacker to read memory beyond its intended boundary during decryption operations, potentially leaking sensitive data such as cryptographic keys or plaintext content. Depending on where this component is used in Azure services or client tooling, the exposure could be significant for workloads relying on CMS-based encryption. ...