Lucene search
K

823 matches found

EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10700

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:18 p.m.4 views

CVE-2026-26141

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.13 views

CVE-2026-26141

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 5:5 p.m.2 views

CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:5 p.m.5 views

CVE-2026-26141

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 5:5 p.m.25 views

CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability

...

7.8CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 5:5 p.m.19 views

CVE-2026-26141

CVE-2026-26141 corresponds to an Elevation of Privilege in the Hybrid Worker Extension (Arc-enabled Windows VMs) of Azure Arc, caused by improper authentication that could let an authorized attacker escalate privileges locally. The CVE entry notes a HIGH base score (CVSS 3.1: 7.8, LOCAL, LOW user...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 5:5 p.m.3 views

CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 5:5 p.m.28 views

CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

7.8CVSS0.00439EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 5:5 p.m.44 views

CVE-2026-26117

CVE-2026-26117 concerns Arc Enabled Servers running the Azure Connected Machine Agent. The vulnerability is an Elevation of Privilege issue affecting the Azure Arc-enabled machine agent on Arc-enabled servers. According to the CVSS data, it is a local, low-complexity attack requiring LOW privileg...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.25 views

March 10, 2026—Hotpatch KB5078736 (OS Build 26100.32463)

None None...

9.8CVSS6.9AI score0.99962EPSS
Exploits35
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.12 views

March 10, 2026—KB5078774 (Monthly Rollup)

March 10, 2026—KB5078774 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only...

8.8CVSS6.9AI score0.04491EPSS
Exploits11
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.16 views

March 10, 2026—KB5078775 (Monthly Rollup)

March 10, 2026—KB5078775 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...

8.8CVSS6.9AI score0.04491EPSS
Exploits11
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.5 views

Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00292EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.5 views

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0
Kaspersky
Kaspersky
added 2026/03/10 12:0 a.m.7 views

KLA90924 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure IOT...

8.8CVSS6.3AI score0.01046EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24336

Name of the Vulnerable Software and Affected Versions Azure Arc affected versions not specified Description An improper authentication issue exists in Azure Arc that could allow an authorized attacker to elevate privileges locally. Microsoft has disclosed three elevation of privilege flaws in Azu...

7.8CVSS5.7AI score0.00292EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.11 views

Microsoft Azure Arc 授权问题漏洞

Microsoft Azure Arc is a storage system provided by the American company Microsoft. It allows for the extension of the Azure platform into your environment. There are authorization-related vulnerabilities in Microsoft Azure Arc. Attackers can exploit these vulnerabilities to gain higher levels of...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/06 12:0 a.m.5 views

Microsoft Azure Arc Access Control Error Vulnerability

Microsoft Azure Arc is a storage system from Microsoft USA. that extends the Azure platform into your environment. Microsoft Azure Arc has an Access Control Error vulnerability that can be exploited by an attacker to elevate privileges...

9.8CVSS5.8AI score0.01526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.4 views

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder