Description
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Microsoft Entra ID can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Azure Resource Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Azure Active Directory B2C can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Azure Orbital Spatio can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Azure Virtual Network Gateway can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Global Secure Access (GSA) can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Azure Stack HCI can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Azure Privileged Identity Management (PIM) can be exploited remotely to gain privileges.
Original advisories
- CVE-2026-47280
- CVE-2026-33843
- CVE-2026-40412
- CVE-2026-40411
- CVE-2026-23663
- CVE-2026-26147
- CVE-2026-35430
Exploitation
Related products
CVE list
- CVE-2026-42901 critical
- CVE-2026-47280 critical
- CVE-2026-33843 critical
- CVE-2026-40412 critical
- CVE-2026-40411 critical
- CVE-2026-23663 critical
- CVE-2026-26147 critical
- CVE-2026-35430 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!