Azure security advisories
19 threat alerts tracking vulnerabilities and security advisories that affect Azure products.
Vulnios monitors Azure CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Azure security news in one place, or click into an individual alert for full detail.
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
critical CVE-2026-33833

CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
critical CVE-2026-40381

CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
critical CVE-2026-32204

CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
critical CVE-2026-42823

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
critical CVE-2026-33117

CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
critical CVE-2026-41086

CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
critical CVE-2026-42830

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
critical CVE-2026-35435

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
critical CVE-2026-35428

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
critical CVE-2026-41105

CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
critical CVE-2026-42826

CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
critical CVE-2026-32207

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Microsoft Security Response Center published an advisory on "CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API". Topic areas: microsoft, windows, azure, patch.
critical CVE-2026-42151

ConsentFix v3 attacks target Azure with automated OAuth abuse
critical

ABB Ability OPTIMAX
Summary: Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign O
critical CVE-2025-14510

CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.
critical CVE-2026-21515

CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
critical CVE-2026-32168

CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
critical CVE-2026-32171

CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
critical CVE-2026-32192