{"data":{"id":"26f6b3fb-e8cf-43b9-bcb4-3b8f3fc06dd5","title":"CVE-2026-32207: Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network","summary":"CVE-2026-32207 is a cross-site scripting vulnerability (XSS, where an attacker injects malicious code into a web page that gets executed in users' browsers) in Azure Machine Learning that allows an unauthorized attacker to perform spoofing (impersonating someone or something else) over a network. The vulnerability stems from improper handling of user input during web page generation.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-32207","publishedAt":"2026-05-07T22:16:33.900Z","cveId":"CVE-2026-32207","cweIds":["CWE-79"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Azure Machine Learning"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-07T22:16:33.900Z","capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":["AML.T0054"]}}