説明
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A spoofing vulnerability in Azure IOT Explorer can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Azure MCP Server Tools can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Azure IoT Explorer can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Linux Azure Diagnostic extension (LAD) can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Arc Enabled Servers – Azure Connected Machine Agent can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Admin Center in Azure Portal can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Hybrid Worker Extension (Arc‑enabled Windows VMs) can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Azure AD SSH Login extension for Linux can be exploited remotely to gain privileges.
オリジナルアドバイザリー
- CVE-2026-26118
- CVE-2026-23662
- CVE-2026-23665
- CVE-2026-26117
- CVE-2026-23660
- CVE-2026-26141
- CVE-2026-23664
- CVE-2026-26148
- CVE-2026-23661
関連製品
- Microsoft-Windows
- Microsoft-Azure
- Azure-Connected-Machine-Agent
- Arc-Enabled-Servers-Azure-Connected-Machine-Agent
CVEリスト
- CVE-2026-23660 critical
- CVE-2026-23661 critical
- CVE-2026-23662 critical
- CVE-2026-23664 critical
- CVE-2026-23665 critical
- CVE-2026-26117 critical
- CVE-2026-26118 critical
- CVE-2026-26121 critical
- CVE-2026-26141 critical
- CVE-2026-26148 critical
も参照してください
お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com
この脆弱性についての記述に不正確な点がありますか? お知らせください!