CVE-2026-26118

Medienbericht

EPSS 0.05%
Veröffentlicht 10.03.2026 17:05:21
Zuletzt bearbeitet 13.03.2026 20:12:47
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Azure MCP Server Tools Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 17 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Azure Mcp Server Version < 2.0.0

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta1

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta10

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta11

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta12

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta13

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta14

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta15

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta16

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta2

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta3

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta4

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta5

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta6

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta7

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta8

Microsoft ≫ Azure Mcp Server Version2.0.0 Updatebeta9

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html

Media Report

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-26118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26118

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26118