Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
The vulnerability results from improper implementation of access controls in the Azure AI Foundry service. An attacker operating remotely, without needing to possess an account or permissions, can send an appropriately crafted network request that bypasses authorization mechanisms. As a result, the attacker gains a higher level of access than they are entitled to, which in the context of a cloud environment (Scope: Changed) means potential breach of isolation boundaries between resources.
An unauthorized attacker can obtain elevated privileges in the Azure AI Foundry environment, which according to the CVSS vector leads to complete breach of confidentiality, integrity, and availability of resources. This may include access to third-party data, modification of resources, or disruption of service operations.
Security patches available from the vendor should be applied according to the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32213. In the case of services managed by Microsoft (SaaS/PaaS), the update may be deployed automatically on the vendor's side — verification of status in Microsoft Security Response Center is recommended.
Microsoft Azure AI Foundry — versions indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMicrosoft Azure Ai Foundry
APPMicrosoftwszystkie wersje
Related vulnerabilities
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate p...
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty