Azure Functions

azure_functions

Vendor: Microsoft • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21532 1Microsoft 1Azure Functions Feb 12, 2026 Feb 5, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 Azure Function Information Disclosure Vulnerability
CVE-2025-33074 1Microsoft 1Azure Functions May 12, 2025 Apr 30, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
CVE-2024-49052 1Microsoft 1Azure Functions Feb 5, 2025 Nov 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-38204 1Microsoft 1Azure Functions Nov 8, 2024 Oct 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2020-16904 1Microsoft 1Azure Functions Feb 23, 2026 Oct 16, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 <p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without pr...Show more <p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.</p> <p>This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.</p>Show less