Microsoft Fixes Privilege Escalation and Spoofing Flaws in Azure Databricks and Cloud Services
Microsoft disclosed three cloud-service vulnerabilities affecting Azure Databricks, Microsoft Purview eDiscovery, and Microsoft Entra ID Entitlement Management. The issues are tracked as CVE-2026-33107, an elevation-of-privilege flaw in Azure Databricks; CVE-2026-26150, an elevation-of-privilege flaw in Microsoft Purview eDiscovery; and CVE-2026-35431, a spoofing flaw in Microsoft Entra ID Entitlement Management. Microsoft published the advisories through its Security Update Guide, indicating that multiple enterprise cloud components required security attention at the same time.
The affected products span analytics, compliance, and identity governance functions that are widely used in Microsoft-centric environments. While Microsoft provided limited public technical detail in the advisories, the vulnerability classifications indicate potential risks including unauthorized privilege gains in Databricks and Purview workflows, as well as identity or trust abuse scenarios involving Entra ID Entitlement Management. Organizations using these services should review the relevant Microsoft advisories, assess exposure in tenant configurations, and apply available mitigations or service updates through normal cloud security and change-management processes.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-35431 in Entra ID Entitlement Management
Microsoft published a Security Update Guide entry for CVE-2026-35431, a Microsoft Entra ID Entitlement Management Spoofing vulnerability.
Microsoft discloses CVE-2026-26150 in Microsoft Purview eDiscovery
Microsoft published a Security Update Guide entry for CVE-2026-26150, a Microsoft Purview eDiscovery Elevation of Privilege vulnerability.
Microsoft discloses CVE-2026-33107 in Azure Databricks
Microsoft published a Security Update Guide entry for CVE-2026-33107, an Azure Databricks Elevation of Privilege vulnerability.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26150 - Security Update Guide - Microsoft - Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-35431 - Security Update Guide - Microsoft - Microsoft Entra ID Entitlement Management Spoofing Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-33107 - Security Update Guide - Microsoft - Azure Databricks Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses SSRF flaws in Purview, Entra ID, and Dynamics 365 Online
Microsoft published three high-severity cloud-service vulnerabilities affecting **Microsoft Purview eDiscovery**, **Microsoft Entra ID Entitlement Management**, and **Microsoft Dynamics 365 Online**. The flaws are tracked as `CVE-2026-26150`, `CVE-2026-35431`, and `CVE-2026-32210`, and all are classified as **server-side request forgery (SSRF)** under `CWE-918`. Microsoft tagged each issue as affecting an **exclusively hosted service**, indicating exposure in Microsoft-managed online environments rather than on-premises deployments. According to the CVE records, `CVE-2026-26150` could let an unauthorized attacker elevate privileges over a network in Purview eDiscovery, while `CVE-2026-35431` and `CVE-2026-32210` could enable spoofing in Entra ID Entitlement Management and Dynamics 365 Online. The published `CVSS v3.1` vectors show low attack complexity and no required privileges across all three issues, with Entra ID carrying the broadest potential impact to confidentiality, integrity, and availability, and Dynamics 365 requiring user interaction. Microsoft linked the disclosures to its Security Response Center guidance for customer tracking and remediation.
May 24, 2026
Microsoft Discloses Elevation-of-Privilege Flaws Across Azure Services
Microsoft has published multiple Security Update Guide entries for elevation-of-privilege vulnerabilities affecting cloud services including **Azure Resource Manager**, **Azure Entra ID**, **Azure AI Foundry**, and **Redis Enterprise**. The disclosed issues include `CVE-2026-47280` and `CVE-2026-24304` in Azure Resource Manager, `CVE-2026-24305` and `CVE-2025-55241` in Azure Entra ID, `CVE-2025-59271` in Redis Enterprise, and `CVE-2026-35435` in Azure AI Foundry, indicating a broader set of privilege-boundary weaknesses across Microsoft-managed platforms. Microsoft provided the most detail for **CVE-2026-35435**, describing it as a **critical** improper access control flaw in Azure AI Foundry M365 published agents that could be exploited remotely over the network without privileges or user interaction, with potential for high confidentiality impact. The company said exploitation was considered more likely, but the vulnerability had not been publicly disclosed or exploited at publication time, and the service-side issue was already fully mitigated with **no customer action required**; the remaining CVEs were listed with limited public detail in the update guide.
May 25, 2026
Microsoft Addresses Elevation of Privilege Flaws Across Azure and Account Services
Microsoft has published security advisories for multiple **elevation of privilege** vulnerabilities affecting cloud and identity-related products, including **Payment Orchestrator Service** (`CVE-2026-26125`), **Microsoft Account** (`CVE-2025-21396`), **Azure Bot Service** (`CVE-2025-55244`), **Azure PolicyWatch** (`CVE-2024-49052`), and **Azure CycleCloud** (`CVE-2022-41085`). The issues were disclosed through the Microsoft Security Response Center and span both Azure platform components and Microsoft-managed account services. The advisories provide limited public technical detail, but the affected products indicate potential risk to organizations relying on Microsoft cloud workloads, automation, policy management, bot integrations, and identity services. Security teams should review the relevant MSRC entries, determine whether exposed services are in use, and prioritize remediation for any impacted environments where privilege escalation could increase access to sensitive resources or administrative functions.
May 25, 2026