Security Updates for Azure Connected Machine Agent < 1.64 (May 2026)

The Microsoft Azure Connected Machine Agent installation on the remote host is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability: - Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-40381

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-40381

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2026-40381

CVE-2026-40381: Improper access control in the Azure Connected Machine Agent enables a locally authenticated attacker to elevate privileges. The vulnerability affects the Azure Connected Machine Agent; attacker must have local access and low privileges, with no user interaction required. The CVSS...

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

KLA91034 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...

PT-2026-40210

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2026-26117

CVE-2026-26117 concerns Arc Enabled Servers running the Azure Connected Machine Agent. The vulnerability is an Elevation of Privilege issue affecting the Azure Arc-enabled machine agent on Arc-enabled servers. According to the CVSS data, it is a local, low-complexity attack requiring LOW privileg...

EUVD-2026-2110

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

Microsoft Azure Connected Machine Agent 安全漏洞

Microsoft Azure Connected Machine Agent is the ability of Microsoft Corporation USA to manage Windows and Linux computers hosted outside of Azure on a corporate network or other cloud provider. A security vulnerability exists in Microsoft Azure Connected Machine Agent. An attacker could exploit t...

PT-2026-2764

CVE-2026-21224 Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. https://t.co/nj6zlxVciK...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user and potentially grant themselves elevated privileges, in order to gain access to sensitive data or execute arbitrary code with elevated privileges. The...

CVE-2025-58724

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2025-47989

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2025-58724

CVE-2025-58724 : Affects Azure Connected Machine Agent. Description confirms an improper access control flaw that enables an authorized local attacker to escalate privileges. CVSS v3.1/3.1 base score 7.8 (HIGH) with local, low complexity, and no user interaction requirements; impact on confidenti...

CVE-2025-47989 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...