Zero Day MonitorZDM

← Back to list

10.0

CVE-2026-33105PATCHED

microsoft · azure_kubernetes_service

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Description

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure_kubernetes_service	-

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	azure	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105(vendor-advisory, patch)

Related News (3 articles)

Tier B

BSI Advisories4h ago

[NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-33105 | Microsoft Azure Kubernetes Service improper authorization

→ No new info (linked only)

Tier A

Microsoft MSRC5d ago

CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105

CWECWE-285

PublishedApr 2, 2026

Last enriched4d agov2

Tags

managed service

Trending Score60

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-32213EXP

Azure AI Foundry Elevation of Privilege Vulnerability

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

HIGHCVE-2026-32173EXP

Azure SRE Agent Information Disclosure Vulnerability

CRITICALCVE-2026-33107

Azure Databricks Elevation of Privilege Vulnerability

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: tags

Apr 3, 2026

Patch Available

Apr 4, 2026

Version History

v2

Last enriched 4d ago

v2Tier C4d ago

Updated description to include remote execution capability and the managed service nature of the product, and confirmed exploit availability is false.

tags

via VulDB

v14d ago

Initial creation