CVE-2026-6429 is a credential leak vulnerability where netrc credentials can be inadvertently exposed when an HTTP proxy connection is reused across requests. This occurs because authentication credentials stored in netrc files may be transmitted to unintended destinations via a reused proxy connection. If exploited, an attacker with visibility into proxy traffic could capture sensitive credentials used by Azure-connected workloads.

Security Architect’s Take: Review any Azure workloads or pipelines that use netrc files for credential storage alongside HTTP proxy configurations, and consider rotating any credentials that may have transited affected connections. Disable connection reuse on proxy clients where feasible, and audit proxy logs for unexpected credential forwarding until a patch is applied.

Original advisory: CVE-2026-6429 netrc credential leak with reused proxy connection

CVE-2026-6276 is a vulnerability in Azure where a stale custom cookie host configuration can cause session cookies to be leaked to unintended parties. This could allow an attacker to intercept or reuse authentication cookies, potentially gaining unauthorised access to user sessions or sensitive data. It matters because cookie leakage in cloud-hosted applications can lead to account takeover without requiring credentials.

Security Architect’s Take: Review any Azure-hosted applications using custom cookie domain configurations and ensure cookie host settings are kept current and accurate — stale or misconfigured host entries should be audited and corrected promptly. Apply any available Microsoft patch and consider enforcing the Secure and SameSite=Strict cookie attributes as a defence-in-depth measure.

Original advisory: CVE-2026-6276 stale custom cookie host causes cookie leak

CVE-2026-6253 is a vulnerability in a Microsoft Azure-related component where proxy credentials can be inadvertently leaked when an HTTP redirect causes a request to be forwarded to a different proxy. An attacker who can influence redirect behaviour could potentially intercept or capture credentials used for proxy authentication, gaining unauthorised access to network resources or sensitive systems behind the proxy.

Security Architect’s Take: Audit any Azure workloads or clients that authenticate to proxy servers — particularly those that follow HTTP redirects automatically — and apply Microsoft’s patch or workaround immediately. Consider enforcing proxy credential stripping on redirects at the network layer and reviewing proxy authentication logs for anomalous access patterns.

Original advisory: CVE-2026-6253 proxy credentials leak over redirect-to proxy