H3-2026-0022¶

Azure Container Registry Public Network Access Enabled

Description¶

An Azure Container Registry with default configuration is accessible from the public internet without network restrictions.

Impact¶

Public network access increases the attack surface for the container registry. Attackers can attempt brute-force attacks against registry credentials, can exploit vulnerabilities in the registry service, or can target the registry in distributed denial-of-service attacks. While authentication may still be required, public accessibility enables reconnaissance and automated attacks from any location.

References¶

• Connect privately to an Azure container registry
• Configure public IP network rules
• MITRE ATT&CK Technique: T1133: External Remote Services
• MITRE ATT&CK Technique: T1110: Brute Force