{"data":{"id":"4fab0dab-3d66-4931-87a4-dbbf748e753b","title":"CVE-2026-33833: Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Lear","summary":"CVE-2026-33833 is a vulnerability in Azure Machine Learning where special characters in output are not properly filtered before being used by another component, allowing an attacker to perform spoofing (pretending to be someone or something else) over a network. The vulnerability has a CVSS score (a 0-10 severity rating) of 4.0, indicating moderate severity. This type of flaw is known as an injection vulnerability (CWE-74), where untrusted data can be used to manipulate downstream processes.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33833","publishedAt":"2026-05-12T18:17:05.160Z","cveId":"CVE-2026-33833","cweIds":["CWE-74"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Azure Machine Learning"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T18:17:05.160Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}