CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover

By: Cymulate Research Lab
March 10, 2026
Ben Zamir, Security Researcher
Ilan Kalendarov, Security Research Team Lead

A chain of vulnerabilities in Azure Arc agent services for Windows lets a low-privileged user hijack service communications, impersonate the machine's cloud identity, escalate to NT AUTHORITY\SYSTEM and even trick the machine into connecting to an attacker-controlled tenant instead.

Cymulate Research Labs uncovered a weakness in the way Azure Arc agents on Windows machines initialize and authenticate their cloud identity services. The issue allows a low-privileged local user to intercept internal agent communications, escalate to local administrator and gain access to the underlying Azure identity attached to the machine. The same technique could be used to trick the machine into connecting to an attacker-controlled tenant instead.

In addition to local privilege escalation, because Azure Arc identities may hold Azure RBAC permissions, compromising a single machine may also allow attackers to interact with any cloud resources accessible to that identity.

Mitigation for this exposure involves updating the Azure ARC agent components on every ARC-joined machine. The vulnerability was first reported to Microsoft in November 2025. On March 10, Microsoft released an updated ARC Agent services version 1.61 as a fix for CVE-2026-26117. Cymulate encourages all organizations running Azure ARC-joined Windows machines to apply the update as soon as possible.

To help organizations validate their exposure to this CVE and associated threats, Cymulate Exposure Validation now includes attack scenarios that simulate how attackers enumerate machines for the Azure Arc service vulnerability.
Executive Summary

A chain of vulnerabilities in the Windows Azure ARC agent stack (HIMDS, Guest Configuration, ARC Proxy) allows a low-privileged user to interpose themselves in the communications between ARC services and manipulate the responses. An attacker who successfully exploits this chain can cause the machine to connect to an attacker-controlled Azure tenant, assume control over the machine's Azure ARC object, impersonate that machine object to inherit its RBAC privileges, alter cloud-side machine properties, and escalate local privileges to NT AUTHORITY\SYSTEM.

Recommended Actions for Organizations Using Azure Arc

Organizations using the Azure Arc service should take the following steps to reduce risk and verify their exposure:

1. Ensure that all ARC agents are updated.
2. Run Cymulate simulations to validate (see below).

Who is affected

Every Azure ARC-joined Windows machine with unpatched Azure ARC Agent services installed (below version 1.61) is vulnerable to the attack.

Severity and likely impact

- Local privilege escalation from a low-privileged user to NT AUTHORITY\SYSTEM
- Full control over the machine's Azure ARC object, including use of its RBAC privileges and the ability to change cloud-side machine properties and extract sensitive data
- Potential lateral effects if the compromised machine's RBAC allows changes affecting other cloud resources
- Defense evasion by removing Microsoft Defender for Endpoint from the victim's machine

Affected components

Azure ARC agent service components installed on an ARC-joined Windows machine: HIMDS, Guest Configuration, ARC Proxy.

Preconditions

The attacker has low-privileged access to an Azure ARC-joined Windows machine running the vulnerable software version. Exploitation requires a device restart, which can be achieved by triggering a reboot or by waiting for the next scheduled restart.
Key findings

- The Azure ARC Agent services (HIMDS, Guest Configuration, and ARC Proxy) installed on Windows machines are by default configured for delayed startup. This allows a low-privileged user to exploit a race condition by pre-binding to the ports or named pipes the services will use, thereby impersonating the services and supplying malicious responses.
- Sensitive interactions between ARC services and HIMDS occur over an HTTP (non-TLS) listener, so the channel provides no integrity or encryption protection and an attacker can masquerade as a legitimate service.
- The ARC agent uses a fully dynamic approach to verify the machine's identity, combined with inadequate input validation. This allows an attacker to alter the normal execution flow and cause the services to perform unintended or malicious actions.

Introduction to Azure Arc

As organizations expand beyond a single cloud provider, managing infrastructure across on-premises, multi-cloud and edge environments has become increasingly complex. To address this challenge, Microsoft introduced Azure Arc, a platform that extends Azure management capabilities to machines running outside of Azure. Azure Arc allows administrators to bring non-Azure resources, including on-premises servers, other cloud instances, and Kubernetes clusters, into the Azure control plane. Once connected, t...
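The two exposure indicators the advisory describes, an agent version below 1.61 and Arc agent services configured for delayed automatic start, can be inventoried from an elevated PowerShell session on each Arc-joined Windows host. The script below is an added example written for this page; it is not code from Cymulate or from the Azure Arc agent. It assumes (neither is stated on the page) that the agent CLI is installed at C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe and that `azcmagent version` prints a dotted version number, and it identifies the Arc services by their executables living under that same install folder.

```powershell
# Added audit example for CVE-2026-26117 exposure (not from the advisory or the Arc agent).
# Reports the Arc agent version against the fixed version (1.61) and lists Arc agent
# services whose startup mode is delayed automatic start, the default the advisory describes.

$FixedVersion = [version]'1.61'
# Assumed install path of the Azure Connected Machine agent CLI (not stated on the page).
$AgentCli = 'C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe'

function Get-ArcAgentVersion {
    # Returns the agent's major.minor version as [version], or $null if it cannot be determined.
    if (-not (Test-Path -Path $AgentCli)) { return $null }
    $output = & $AgentCli version 2>&1 | Out-String
    # Assumption: the output contains a dotted version such as 1.61.x; only major.minor is compared.
    if ($output -match '(\d+\.\d+)') { return [version]$Matches[1] }
    return $null
}

function Get-ArcAgentServices {
    # Win32_Service exposes DelayedAutoStart, which Get-Service does not surface on Windows PowerShell 5.1.
    # Assumption: every Arc agent service (HIMDS, Guest Configuration, Arc Proxy) runs an executable
    # from the AzureConnectedMachineAgent install folder, so PathName is used as the selector.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like '*AzureConnectedMachineAgent*' } |
        Select-Object Name, DisplayName, State, StartMode, DelayedAutoStart, PathName
}

function Test-ArcExposure {
    $version  = Get-ArcAgentVersion
    $services = @(Get-ArcAgentServices)
    $findings = @()

    if ($null -eq $version) {
        $findings += 'Arc agent version could not be determined; verify the installed version manually.'
    } elseif ($version -lt $FixedVersion) {
        $findings += "Arc agent $version is below $FixedVersion, the version that fixes CVE-2026-26117; update the agent."
    }

    if ($services.Count -eq 0) {
        $findings += 'No Arc agent services found under the assumed install folder; host may not be Arc-joined.'
    }
    foreach ($svc in $services) {
        if ($svc.DelayedAutoStart) {
            $findings += "Service $($svc.Name) ($($svc.DisplayName)) is configured for delayed automatic start."
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        AgentVersion = $version
        Services     = $services
        Findings     = $findings
    }
}

# Run the audit and print the result; a host with no Findings has an agent at or above 1.61.
Test-ArcExposure | Format-List
```

The delayed-start entries are reported for visibility only: the advisory's stated remediation is updating the agent to 1.61, so treat an AgentVersion below that as the actionable finding and feed the per-host objects into whatever inventory or ticketing pipeline tracks the rollout.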
CVE-2026-26117 (CVSS 7.8) is a chain of vulnerabilities in Azure Arc agents for Windows that allows a low-privileged local user to intercept service communications, escalate to NT AUTHORITY\SYSTEM, and hijack the machine's cloud identity to access Azure resources or redirect it to an attacker-controlled tenant. The vulnerability affects Azure Arc Agent services versions prior to 1.61, and the mitigation is to update to version 1.61.