3 matches found
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
com.azure.resourcemanager:azure-resourcemanager (>=2.52.0 <=2.60.0), com.azure.resourcemanager:azure-resourcemanager-appservice (>=2.52.0 <=2.55.0) +20 more potentially affected by CVE-2026-33117 via com.azure:azure-security-keyvault-keys (>=4.10.0 <=4.10.5)
com.azure:azure-security-keyvault-keys MAVEN version =4.10.0, =2.52.0, =2.52.0, =2.52.0, =5.23.0, =5.23.0, =5.23.0, =5.23.0, =5.23.0, =3.2.0, =239.v0e088b133a77, =0.17.0, =0.17.0, =5.13.0, =1.2.0, =4.19.0, =4.20.0 and more Source cves: CVE-2026-33117htt...
CVE-2026-33117
Azure SDK for Java is affected by CVE-2026-33117: improper authentication allows a remote attacker to bypass a security feature over the network. The issue has a CVSS v3.1 base score of 9.1 (CRITICAL) with high impact to confidentiality and integrity, no availability impact, and requires no privi...