Azure Arc Elevation of Privilege Vulnerability

Description

Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure_arc	-

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24302(vendor-advisory, patch)

Related News (1 articles)

Tier A

Microsoft MSRC3h ago

CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability

→ No new info (linked only)

CVSS 3.18.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24302

CWECWE-284

PublishedFeb 5, 2026

Last enriched8d ago

Trending Score42

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-21513EXPKEV

MSHTML Framework Security Feature Bypass Vulnerability

Trending: 85

HIGHCVE-2026-21509EXPKEV

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Trending: 70

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

Trending: 49

CRITICALCVE-2026-32213EXP

Azure AI Foundry Elevation of Privilege Vulnerability

Trending: 49

HIGHCVE-2026-32173EXP

Azure SRE Agent Information Disclosure Vulnerability

Trending: 44

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 5, 2026

Discovered by ZDM

Apr 1, 2026

Patch Available

Apr 10, 2026