Microsoft has patched multiple vulnerabilities across its Azure platform, including Azure Entra ID, Azure IoT Explorer, and Azure Virtual Machines, which could allow an attacker to impersonate users, escalate privileges, or access sensitive data. The CVSS scores for the listed CVEs range from 6.5 to 8.8, indicating high-severity risks. Specific affected and fixed version numbers are not provided in the source material.
Microsoft heeft kwetbaarheden verholpen in diverse Azure componenten. Een kwadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, zich verhoogde rechten toe te kennen of toegang te krijgen tot gevoelige gegevens. ``` Azure Entra ID: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26148 | 8.10 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure IoT Explorer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23664 | 7.50 | Toegang tot gevoelige gegevens | | CVE-2026-26121 | 7.50 | Voordoen als andere gebruiker | | CVE-2026-23661 | 7.50 | Toegang tot gevoelige gegevens | | CVE-2026-23662 | 7.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure Portal Windows Admin Center: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23660 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Compute Gallery: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23651 | 6.70 | Verkrijgen van verhoogde rechten | | CVE-2026-26124 | 6.70 | Verkrijgen van verhoogde rechten | | CVE-2026-26122 | 6.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure MCP Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26118 | 8.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Linux Virtual Machines: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23665 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Windows Virtual Machine Agent: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26117 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Arc: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26141 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| ```