823 matches found
EUVD-2026-10700
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...
CVE-2026-26141
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...
CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
...
CVE-2026-26141
CVE-2026-26141 corresponds to an Elevation of Privilege in the Hybrid Worker Extension (Arc-enabled Windows VMs) of Azure Arc, caused by improper authentication that could let an authorized attacker escalate privileges locally. The CVE entry notes a HIGH base score (CVSS 3.1: 7.8, LOCAL, LOW user...
CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
...
CVE-2026-26117
CVE-2026-26117 concerns Arc Enabled Servers running the Azure Connected Machine Agent. The vulnerability is an Elevation of Privilege issue affecting the Azure Arc-enabled machine agent on Arc-enabled servers. According to the CVSS data, it is a local, low-complexity attack requiring LOW privileg...
March 10, 2026—Hotpatch KB5078736 (OS Build 26100.32463)
March 10, 2026—KB5078774 (Monthly Rollup)
March 10, 2026—KB5078774 Monthly Rollup. Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only...
March 10, 2026—KB5078775 (Monthly Rollup)
March 10, 2026—KB5078775 Monthly Rollup. Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...
Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...
KLA90924 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof the user interface, bypass security restrictions, gain privileges, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure IOT...
PT-2026-24336
Name of the Vulnerable Software and Affected Versions: Azure Arc (affected versions not specified). Description: An improper authentication issue exists in Azure Arc that could allow an authorized attacker to elevate privileges locally. Microsoft has disclosed three elevation of privilege flaws in Azu...
Microsoft Azure Arc Authorization Issue Vulnerability
Microsoft Azure Arc is a storage system provided by the American company Microsoft. It allows for the extension of the Azure platform into your environment. There are authorization-related vulnerabilities in Microsoft Azure Arc. Attackers can exploit these vulnerabilities to gain higher levels of...
Microsoft Azure Arc Access Control Error Vulnerability
Microsoft Azure Arc is a storage system from Microsoft USA that extends the Azure platform into your environment. Microsoft Azure Arc has an Access Control Error vulnerability that can be exploited by an attacker to elevate privileges...
CVE-2025-40896
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...