CVE-2026-33844EXPLOITEDPATCHED

microsoft · azure_managed_instance_for_apache_cassandra

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Description

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
microsoft	azure_managed_instance_for_apache_cassandra	-

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	azure	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33844(vendor-advisory, patch)

Related News (5 articles)

Tier C

Cisco Talos3h ago

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

→ No new info (linked only)

Tier C

Qualys Blog3h ago

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

→ No new info (linked only)

Tier B

BSI Advisories4d ago

[NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-33844 | Microsoft Azure Managed Instance for Apache Cassandra improper authorization

→ No new info (linked only)

Tier A

Microsoft MSRC5d ago

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.19.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33844

CWECWE-20

PublishedMay 7, 2026

Last enriched5d agov2

Trending Score76

Source articles5

Independent5

Info Completeness9/14

Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-41103EXP

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Trending: 79

HIGHCVE-2026-26129EXP

M365 Copilot Information Disclosure Vulnerability

Trending: 75

CRITICALCVE-2026-33109EXP

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Trending: 73

CRITICALCVE-2026-42898EXP

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Trending: 73

CRITICALCVE-2026-42831EXP

Microsoft Office Remote Code Execution Vulnerability

Trending: 72

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 7, 2026

Discovered by ZDM

May 7, 2026

Updated: description, exploitAvailable, activelyExploited

May 7, 2026

Actively Exploited

May 12, 2026

Exploit Available

May 12, 2026

Patch Available

May 12, 2026

Version History

Last enriched 5d ago

v2Tier A5d ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v15d ago

Initial creation