Microsoft Discloses Elevation-of-Privilege Flaws Across Azure Services
Microsoft has published multiple Security Update Guide entries for elevation-of-privilege vulnerabilities affecting cloud services including Azure Resource Manager, Azure Entra ID, Azure AI Foundry, and Redis Enterprise. The disclosed issues include CVE-2026-47280 and CVE-2026-24304 in Azure Resource Manager, CVE-2026-24305 and CVE-2025-55241 in Azure Entra ID, CVE-2025-59271 in Redis Enterprise, and CVE-2026-35435 in Azure AI Foundry, indicating a broader set of privilege-boundary weaknesses across Microsoft-managed platforms.
Microsoft provided the most detail for CVE-2026-35435, describing it as a critical improper access control flaw in Azure AI Foundry M365 published agents that could be exploited remotely over the network without privileges or user interaction, with potential for high confidentiality impact. The company said exploitation was considered more likely, but the vulnerability had not been publicly disclosed or exploited at publication time, and the service-side issue was already fully mitigated with no customer action required; the remaining CVEs were listed with limited public detail in the update guide.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses Azure Resource Manager EoP flaw CVE-2026-47280
Microsoft published a Security Update Guide entry for CVE-2026-47280, an Azure Resource Manager elevation of privilege vulnerability.
Microsoft discloses and mitigates Azure AI Foundry flaw CVE-2026-35435
Microsoft disclosed CVE-2026-35435, a critical elevation of privilege vulnerability affecting Azure AI Foundry M365 published agents. The company said the issue had already been fully mitigated, required no customer action, and was not publicly disclosed or exploited at publication.
Microsoft discloses ACI Confidential Containers EoP flaw CVE-2026-23651
Microsoft published a Security Update Guide entry for CVE-2026-23651, an elevation of privilege vulnerability affecting Microsoft ACI Confidential Containers.
Microsoft discloses Azure Resource Manager EoP flaw CVE-2026-24304
Microsoft published a Security Update Guide entry for CVE-2026-24304, an Azure Resource Manager elevation of privilege vulnerability.
Microsoft discloses Azure Entra ID EoP flaw CVE-2026-24305
Microsoft published a Security Update Guide entry for CVE-2026-24305, an Azure Entra ID elevation of privilege vulnerability.
Sources
7 references tracked. Mallory keeps watching after this page renders.
CVE-2026-47280 - Security Update Guide - Microsoft - Azure Resource Manager Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-35435 - Security Update Guide - Microsoft - Azure AI Foundry Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-23651 - Security Update Guide - Microsoft - Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-24305 - Security Update Guide - Microsoft - Azure Entra ID Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-24304 - Security Update Guide - Microsoft - Azure Resource Manager Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-59271 - Security Update Guide - Microsoft - Redis Enterprise Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-55241 - Security Update Guide - Microsoft - Azure Entra ID Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two **Elevation of Privilege** flaws affecting Windows components: `CVE-2026-23660` in **Windows Admin Center in Azure Portal** and `CVE-2025-62472` in **Windows Remote Access Connection Manager**. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality. The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
May 25, 2026
Microsoft Patches Elevation-of-Privilege Flaws in Azure Monitoring and Agent Components
Microsoft disclosed and patched multiple elevation-of-privilege vulnerabilities affecting Azure agent components, including **Azure Monitor Agent**, the **Azure Monitor Agent Metrics Extension**, the **Azure Connected Machine Agent**, and the **Azure Network Watcher VM Extension**. The newly detailed issues include `CVE-2026-32204`, an **Important** flaw in Azure Monitor Agent caused by external control of file name or path (`CWE-73`), and `CVE-2026-42830`, an **Important** untrusted search path vulnerability (`CWE-426`) in the Metrics Extension. Microsoft said both flaws could be exploited locally by low-privileged attackers to gain elevated privileges, with `CVE-2026-32204` potentially enabling file writes and unauthorized code execution as **root**, while `CVE-2026-42830` could lead to privilege escalation and arbitrary code execution through implicit loading behavior tied to OpenSSL configuration handling. The disclosures add to a broader pattern of privilege-escalation fixes across Azure management tooling, following earlier advisories for `CVE-2024-35254` in Azure Monitor Agent, `CVE-2023-35624` in Azure Connected Machine Agent, and `CVE-2025-21188` in the Azure Network Watcher VM Extension. Microsoft assigned a CVSS 3.1 score of **7.8** to `CVE-2026-32204` and **6.5** to `CVE-2026-42830`, said neither issue was publicly disclosed or exploited at the time of publication, and released official fixes. Microsoft credited **Cristhian Parrot of Kroll** for reporting `CVE-2026-42830` through coordinated vulnerability disclosure.
May 25, 2026
Microsoft Fixes Privilege Escalation and Spoofing Flaws in Azure Databricks and Cloud Services
Microsoft disclosed three cloud-service vulnerabilities affecting **Azure Databricks**, **Microsoft Purview eDiscovery**, and **Microsoft Entra ID Entitlement Management**. The issues are tracked as **`CVE-2026-33107`**, an elevation-of-privilege flaw in Azure Databricks; **`CVE-2026-26150`**, an elevation-of-privilege flaw in Microsoft Purview eDiscovery; and **`CVE-2026-35431`**, a spoofing flaw in Microsoft Entra ID Entitlement Management. Microsoft published the advisories through its Security Update Guide, indicating that multiple enterprise cloud components required security attention at the same time. The affected products span analytics, compliance, and identity governance functions that are widely used in Microsoft-centric environments. While Microsoft provided limited public technical detail in the advisories, the vulnerability classifications indicate potential risks including unauthorized privilege gains in Databricks and Purview workflows, as well as identity or trust abuse scenarios involving Entra ID Entitlement Management. Organizations using these services should review the relevant Microsoft advisories, assess exposure in tenant configurations, and apply available mitigations or service updates through normal cloud security and change-management processes.
Apr 23, 2026