Azure Cloud Shell, unauthenticated command injection (spoofing over network)
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
Overview
CVE-2026-35428 is a critical command injection vulnerability affecting Azure Cloud Shell, Microsoft's browser-based managed terminal environment hosted at shell.azure.com. The vulnerability stems from improper neutralization of special elements during command parsing, specifically in input handling that occurs before authentication completes. This allows an unauthenticated network-positioned attacker to inject commands and spoof responses that appear to originate from a legitimate user session.
Technical Details
Azure Cloud Shell provides a fully managed Bash/PowerShell environment backed by per-user containers, pre-loaded with administrative tools including Azure CLI (az), kubectl, and Terraform. The service mounts an Azure Files share for persistent $HOME storage.
The vulnerability exists in how Cloud Shell parses certain inputs during the pre-authentication phase. An attacker positioned on the network can exploit this improper neutralization to influence command construction, resulting in spoofed responses being returned to the user's session. The flaw is classified as a command injection vulnerability (CWE-77: Improper Neutralization of Special Elements used in a Command).
Since Cloud Shell is a managed service, Microsoft has applied the fix server-side, requiring no customer action for patching.
Impact
The impact is particularly severe for Managed Service Providers (MSPs) who use Cloud Shell to administer customer tenants across Azure subscriptions, Entra ID, Intune, Exchange Online, and Microsoft Sentinel. Sessions inherit delegated privileges through Lighthouse or guest accounts.
A successful spoofing attack could present falsified CLI output to administrators, such as:
- Incorrect Conditional Access policy status
- False MFA enforcement confirmations
- Hidden break-glass account exposures
This manipulation breaks integrity assumptions that scripts and runbooks rely upon, potentially driving incorrect operational and security decisions without requiring code execution on the administrator's workstation.
Mitigation
- Microsoft has deployed server-side fixes; no customer patching required
- Review runbooks and scripts that parse Cloud Shell stdout without independent verification
- Re-validate break-glass accounts, Conditional Access policies, and admin consent grants via the Azure Portal or REST API rather than Cloud Shell
- Monitor Microsoft's response notes for additional IOC guidance and Defender alerting rules
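The second and third mitigation bullets amount to one rule: never let a runbook act on Cloud Shell stdout alone, reconcile it against a second, independently fetched view first. The following is an added example of that reconciliation, not code from the advisory or from Microsoft. The two JSON documents are constructed sample data: CLI_STDOUT stands in for what a runbook captured from a Cloud Shell session, INDEPENDENT_VIEW for the same Conditional Access policies fetched out-of-band (for instance from the Graph REST API under a separate identity). The field layout follows the Graph conditionalAccessPolicy resource (state, conditions.users.excludeUsers, grantControls.builtInControls); the ids and values are invented, and the break-glass object id is hypothetical.

```python
import json

# Constructed sample data (not real tenant output). Shape mirrors the Graph
# conditionalAccessPolicy resource; ids and values are invented.
CLI_STDOUT = json.dumps({
    "value": [
        {"id": "p1", "displayName": "Require MFA for admins", "state": "enabled",
         "conditions": {"users": {"excludeUsers": ["bg-1"]}},
         "grantControls": {"builtInControls": ["mfa"]}},
        {"id": "p2", "displayName": "Block legacy auth", "state": "enabled",
         "conditions": {"users": {"excludeUsers": []}},
         "grantControls": {"builtInControls": ["block"]}},
    ]
})

# Same policies as seen through an independent channel. Note the differences:
# p1 no longer excludes the break-glass account, and p2 is report-only.
INDEPENDENT_VIEW = json.dumps({
    "value": [
        {"id": "p1", "displayName": "Require MFA for admins", "state": "enabled",
         "conditions": {"users": {"excludeUsers": []}},
         "grantControls": {"builtInControls": ["mfa"]}},
        {"id": "p2", "displayName": "Block legacy auth",
         "state": "enabledForReportingButNotEnforced",
         "conditions": {"users": {"excludeUsers": []}},
         "grantControls": {"builtInControls": ["block"]}},
    ]
})

# Hypothetical object id of the tenant's break-glass account.
BREAK_GLASS = {"bg-1"}


def _index(doc: str) -> dict:
    """Parse a Graph-style list response into {policy id: policy}."""
    return {p["id"]: p for p in json.loads(doc)["value"]}


def reconcile(cli_json: str, independent_json: str, break_glass: set) -> list:
    """Return findings where the Cloud Shell view and the independent view disagree.

    Every finding is a decision a runbook trusting Cloud Shell stdout alone
    would have taken on a false picture of the tenant."""
    cli, ind = _index(cli_json), _index(independent_json)
    findings = []
    for pid in sorted(set(cli) | set(ind)):
        a, b = cli.get(pid), ind.get(pid)
        if a is None or b is None:
            findings.append(f"{pid}: present in only one view "
                            f"(cli={a is not None}, api={b is not None})")
            continue
        # Policy state: "enabled" reported by the CLI vs. report-only in reality.
        if a["state"] != b["state"]:
            findings.append(f"{pid}: state cli={a['state']!r} api={b['state']!r}")
        # MFA enforcement: the grant control must agree across both views.
        mfa_cli = "mfa" in a["grantControls"]["builtInControls"]
        mfa_api = "mfa" in b["grantControls"]["builtInControls"]
        if mfa_cli != mfa_api:
            findings.append(f"{pid}: MFA grant control cli={mfa_cli} api={mfa_api}")
        # Hidden break-glass exposure: the CLI claimed the account is excluded
        # from an enforced policy, the independent view says it is not.
        excl_cli = set(a["conditions"]["users"]["excludeUsers"])
        excl_api = set(b["conditions"]["users"]["excludeUsers"])
        for bg in sorted(break_glass):
            if b["state"] == "enabled" and bg in excl_cli and bg not in excl_api:
                findings.append(f"{pid}: break-glass {bg} excluded per CLI but not per API")
    return findings


if __name__ == "__main__":
    for finding in reconcile(CLI_STDOUT, INDEPENDENT_VIEW, BREAK_GLASS):
        print("MISMATCH", finding)
```

Run against the sample data, the check surfaces two of the three impact scenarios listed above (a false policy state and a hidden break-glass exposure); feeding the same document in as both views returns no findings, which is the baseline a runbook should require before it proceeds.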
Detection
- Query the CloudShellAuditLog and AzureActivity tables in Microsoft Sentinel/Defender for anomalous Cloud Shell sessions during the affected window
- Look for unusual az command sequences from unfamiliar source IP addresses
- No public exploitation has been reported at the time of disclosure
- Microsoft typically publishes Defender alerting rules within 30 days for cloud advisories of this severity class
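The two detection bullets above (sessions from unfamiliar source IPs, unusual az command sequences) can be expressed as a small triage routine. What follows is an added example, not a query from the advisory or a Microsoft rule, and it runs over constructed sample records rather than a live workspace. The Caller, CallerIpAddress and TimeGenerated names follow the AzureActivity table; SessionId and Command are hypothetical enrichment fields invented for the example, and the IP ranges, account names and object ids are sample values.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Caller/CallerIpAddress/TimeGenerated follow the
# AzureActivity column names; SessionId and Command are hypothetical fields.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2026-04-01T09:00:05Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "203.0.113.10", "SessionId": "s1", "Command": "az account show"},
    {"TimeGenerated": "2026-04-01T09:00:40Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "203.0.113.10", "SessionId": "s1", "Command": "az group list -o table"},
    {"TimeGenerated": "2026-04-01T09:12:00Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "198.51.100.7", "SessionId": "s2", "Command": "az ad sp list --all -o json"},
    {"TimeGenerated": "2026-04-01T09:13:10Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "198.51.100.7", "SessionId": "s2",
     "Command": "az role assignment create --assignee 11111111-1111-1111-1111-111111111111 "
                "--role Owner --scope /subscriptions/00000000-0000-0000-0000-000000000000"},
    {"TimeGenerated": "2026-04-01T09:14:02Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "198.51.100.7", "SessionId": "s2",
     "Command": "az ad app permission admin-consent --id 22222222-2222-2222-2222-222222222222"},
    {"TimeGenerated": "2026-04-01T09:20:00Z", "Caller": "ops@contoso.example",
     "CallerIpAddress": "203.0.113.20", "SessionId": "s3",
     "Command": "az keyvault secret show --vault-name kv-prod --name db-conn"},
]

# Sample allowlist of ranges the MSP's administrators normally work from.
KNOWN_ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# az sub-commands that change privilege or expose secrets; a burst of these
# inside one session is the "unusual command sequence" worth a second look.
SENSITIVE = [
    re.compile(r"^az role assignment create\b"),
    re.compile(r"^az ad app permission admin-consent\b"),
    re.compile(r"^az ad sp credential reset\b"),
    re.compile(r"^az keyvault secret (show|download)\b"),
]


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def analyze(events, known_nets, window=timedelta(minutes=10), burst=2) -> dict:
    """Return {SessionId: [reasons]} for sessions that deserve triage.

    Two signals: the session's source address is outside the known admin
    ranges, or at least `burst` sensitive az commands ran within `window`."""
    sessions = defaultdict(list)
    for event in events:
        sessions[event["SessionId"]].append(event)

    findings = {}
    for sid, evs in sessions.items():
        evs.sort(key=lambda e: _ts(e["TimeGenerated"]))
        reasons = []
        src = ipaddress.ip_address(evs[0]["CallerIpAddress"])
        if not any(src in net for net in known_nets):
            reasons.append(f"source {src} outside known admin ranges (caller {evs[0]['Caller']})")
        sensitive_times = [_ts(e["TimeGenerated"]) for e in evs
                           if any(p.search(e["Command"]) for p in SENSITIVE)]
        # Sliding window over the timestamps of sensitive commands only.
        for i in range(len(sensitive_times) - burst + 1):
            if sensitive_times[i + burst - 1] - sensitive_times[i] <= window:
                reasons.append(f"{burst}+ sensitive az commands within "
                               f"{int(window.total_seconds() // 60)} min")
                break
        if reasons:
            findings[sid] = reasons
    return findings


if __name__ == "__main__":
    for sid, reasons in analyze(SAMPLE_EVENTS, KNOWN_ADMIN_NETS).items():
        print(sid, "->", "; ".join(reasons))
```

On the sample data only session s2 is flagged, on both counts: it came from an address outside the allowlist and granted Owner then admin consent within a minute. Session s3 ran a single secret read from a familiar address and stays below the threshold, which is the intended trade-off: the burst rule is meant to catch the privilege-escalation sequence, not every individual secret access, and the window and threshold should be tuned to the tenant's normal runbook cadence.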