CVE-2026-32213EXPLOITEDPATCHED

microsoft · azure ai foundry

Azure AI Foundry Elevation of Privilege Vulnerability

Description

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure ai foundry	-

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32213(vendor-advisory, patch)

Related News (2 articles)

Tier C

VulDB2d ago

CVE-2026-32213 | Microsoft Azure AI Foundry improper authorization

→ No new info (linked only)

Tier A

Microsoft MSRC3d ago

CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32213

CWECWE-285

PublishedApr 2, 2026

Last enriched2d agov2

Trending Score50

Source articles2

Independent2

Info Completeness9/14

Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 55

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Trending: 53

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

Trending: 50

CRITICALCVE-2026-23454EXP

net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown

Trending: 47

HIGHCVE-2026-32173EXP

Azure SRE Agent Information Disclosure Vulnerability

Trending: 45

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: description, exploitAvailable, activelyExploited

Apr 2, 2026

Actively Exploited

Apr 4, 2026

Exploit Available

Apr 4, 2026

Patch Available

Apr 4, 2026

Version History

Last enriched 2d ago

v2Tier A2d ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v12d ago

Initial creation