CVE-2026-32173EXPLOITEDPATCHED

microsoft · azure_sre_agent

Azure SRE Agent Information Disclosure Vulnerability

Description

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure_sre_agent	-

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	azure	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173(vendor-advisory, patch)

Related News (3 articles)

Tier B

BSI Advisories3h ago

[NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-32173 | Microsoft Azure SRE Agent Gateway improper authentication

→ No new info (linked only)

Tier A

Microsoft MSRC4d ago

CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability

→ No new info (linked only)

CVSS 3.18.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173

CWECWE-287

PublishedApr 2, 2026

Last enriched4d agov2

Trending Score71

Source articles3

Independent3

Info Completeness9/14

Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-32213EXP

Azure AI Foundry Elevation of Privilege Vulnerability

Trending: 79

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

Trending: 79

CRITICALCVE-2026-33105

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Trending: 60

CRITICALCVE-2026-33107

Azure Databricks Elevation of Privilege Vulnerability

Trending: 60

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 42

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: description, exploitAvailable, activelyExploited

Apr 2, 2026

Actively Exploited

Apr 3, 2026

Exploit Available

Apr 3, 2026

Patch Available

Apr 3, 2026

Version History

Last enriched 4d ago

v2Tier A4d ago

Added a description detailing the improper authentication vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v14d ago

Initial creation