External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
The vulnerability classified as CWE-73 (External Control of File Name or Path) allows an attacker to externally control the file name or path used by the application. Through the network, without authentication and without user interaction, it is possible to pass crafted input data pointing to a file or path controlled by the attacker. This leads to code execution on the vulnerable Azure Stack Edge system.
An unauthenticated attacker can remotely execute arbitrary code on an Azure Stack Edge device, which may result in complete compromise of system confidentiality, integrity, and availability.
Apply patches available from the vendor according to the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643
Microsoft Azure Stack Edge — versions indicated in the vendor's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H