CVE-2026-33107PATCHED

microsoft · azure_databricks

Azure Databricks Elevation of Privilege Vulnerability

Description

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure_databricks	-

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	azure	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33107(vendor-advisory, patch)

Related News (3 articles)

Tier B

BSI Advisories5h ago

[NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-33107 | Microsoft Azure Databricks server-side request forgery

→ No new info (linked only)

Tier A

Microsoft MSRC5d ago

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33107

CWECWE-918

PublishedApr 2, 2026

Trending Score59

Source articles3

Independent3

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

Trending: 78

CRITICALCVE-2026-32213EXP

Azure AI Foundry Elevation of Privilege Vulnerability

Trending: 78

HIGHCVE-2026-32173EXP

Azure SRE Agent Information Disclosure Vulnerability

Trending: 71

CRITICALCVE-2026-33105

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Trending: 59

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 42

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 3, 2026

Patch Available

Apr 7, 2026