CVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege

Microsoft assigned CVE-2026-42822 (CVSS 10.0, CWE-287 Improper Authentication, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) to an authentication-bypass flaw in Azure Local Disconnected Operations (ALDO), rated "Exploitation More Likely." ALDO is the air-gapped/sovereign-cloud deployment mode that public-sector and regulated operators specifically choose for data-residency reasons — so this CVSS-10 bug lands squarely on the deployments most likely to hold sensitive workloads. No confirmed exploitation; treat as a high-priority patch given the "More Likely" rating and the sovereign-deployment exposure.