3 matches found
CVE-2022-38007
CVE-2022-38007 affects Azure Guest Configuration and Azure Arc-enabled servers. The vulnerability enables local elevation of privilege by potentially replacing Microsoft-shipped code used by the Guest Configuration daemon (and related GC Arc Service/Extension daemons) and executing it with higher...
CVE-2025-26627
CVE-2025-26627 affects Microsoft Azure Arc Installer. The issue is an improper neutralization of special elements in a command (command injection) that allows an authorized local attacker to elevate privileges. The root cause is described across sources as a command injection vulnerability in Azu...
CVE-2026-24302
CVE-2026-24302 is an Elevation of Privilege issue in Microsoft Azure Arc caused by improper access control. An authenticated attacker could exploit a network path to elevate privileges; CVSS 3.1 vectors show network access, no user interaction, high to critical impact. Microsoft/Microsoft-affilia...