← Back

CVE-2026-42822

nvd nist
Published: May 18, 2026Modified: May 21, 2026

JSON object

Loading...
10.0
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: secure@microsoft.com

Description

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

Affected (2)

Microsoft
2 products
Azure Local
Azure Resource Manager
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Azure Local
Before 2604.2.25645
Azure Resource Manager
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.