Internet Explorer is no longer supported. Many things will still work, but your experience will be degraded and some things won't function. Please use a modern browser such as Edge, Chrome, or Firefox.
Inedo Security Labs

PGV-2228003 - Azure SDK for .NET Information Disclosure Vulnerability.

Disclosed on April 16, 2022 (updated May 11, 2026)

Vulnerability Overview

PGV-2228003 is a category 2 vulnerabilty that affects Microsoft.Rest.ClientRuntime, versions < 2.3.24

CVSS Scores:

Risk Assessment

customize

The risk assessment shows that this vulnerability is exlpoited by a rogue user. A legitimate user who abuses authorized access to exploit this vulnerability.

The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.

The threat damage is caused by a data breach. Exploitation can result in full access to data within the system.

Vulnerability Details

Azure SDK for .NET Information Disclosure Vulnerability via undisclosed methods relating to lack of sanitization of exception messages.

Common Weakness Enumerations

  • CWE-532 - Insertion of Sensitive Information into Log File

Additional References

Your Risk Profile
Network Exposure
External
Accessable from the public internet
Access Interface
WebBrowser
Primarily web-based applications
Service Outage
Disruptive
Operations would be impacted
Data Breach
Disruptive
Operations would be impacted
Data Tampering
Disruptive
Operations would be impacted
Customize
Additional Identifiers
  • CVE-2022-26907
  • GHSA-whph-446h-6m9v

v2.0.4 © 2026 Inedo, LLC