CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability

CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability Field Details CVE ID CVE-2026-21512 Title Azure DevOps Server Cross-Site Scripting Vulnerability Vendor Microsoft Product Azure DevOps Server Affected Product Line Azure DevOps Server 2022 Vulnerability Class Cross-Site Scripting (XSS) Underlying Weakness (CWE) CWE-918: Server-Side Request Forgery (SSRF) Description (short) SSRF in Azure DevOps Server can enable spoofing by an authorized user. CVSS v3.1 Base Score 6.5 (Medium) CVSS v3.1 Vector AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N Attack Vector Network (authenticated attacker) Impact on Confidentiality High Impact on Integrity None (per CVSS vector) Impact on Availability None (per CVSS vector) Authentication Requirement Low privileges required (PR:L) Exploit Prerequisites Attacker must be authorized in Azure DevOps Server Primary Impact Spoofing via crafted SSRF requests Affected Versions Azure DevOps Server 2022 before fixed builds Fixed State Update

CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability

Related Articles

Saatva HD Mattress Review: A Solution for Heavy-Bodied Sleepers

Middleware patterns in Go without over-engineering

I Thought Learning More Tech Would Make Me a Better Developer — I Was Wrong

How to Take Perfect App Store Screenshots Using Xcode Simulator (No Device Needed)

Factor Promo Code: 50% Off Off Meal Prep

Related Articles

How-To
Saatva HD Mattress Review: A Solution for Heavy-Bodied Sleepers
Wired • 1w ago

How-To
Middleware patterns in Go without over-engineering
Medium Programming • 1w ago

How-To
I Thought Learning More Tech Would Make Me a Better Developer — I Was Wrong
Medium Programming • 1w ago

How-To
How to Take Perfect App Store Screenshots Using Xcode Simulator (No Device Needed)
Medium Programming • 1w ago

How-To
Factor Promo Code: 50% Off Off Meal Prep
Wired • 1w ago