CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-33105

CVSS 10.0v3.1pub. 2026-04-03upd. 2026-04-06

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

🤖 AI Analysis
How it works

The vulnerability consists of improper authorization (CWE-285, CWE-863), meaning that access control mechanisms in Microsoft Azure Kubernetes Service do not correctly verify the requester's permissions. An attacker without any credentials, acting remotely over the network, can bypass these controls and obtain elevated privileges. The attack vector does not require user interaction or special prerequisites, making the exploit particularly easy to carry out at scale.

Impact

An attacker can obtain elevated privileges in the Azure Kubernetes Service environment, potentially leading to complete takeover of the cluster, disclosure of sensitive data, and disruption of hosted containerized applications.

Mitigation & patch

Apply patches available from the vendor according to references — updates described in Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105. It is recommended to immediately check patch availability and deploy them, as well as monitor unauthorized access attempts to AKS clusters.

Who is affected

Microsoft Azure Kubernetes Service — versions indicated in vendor references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Azure Kubernetes Service

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2024-21376CRITICAL9.0PL ✓ten sam produkt

RCE w Microsoft Azure Kubernetes Service Confidential Containers

CVE-2024-21403CRITICAL9.0PL ✓ten sam produkt

Privilege escalation w Azure Kubernetes Service Confidential Containers

CVE-2023-29332HIGH7.5ten sam produkt

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVE-2021-27075MEDIUM6.8ten sam produkt

Azure Virtual Machine Information Disclosure Vulnerability

CVE-2021-24109MEDIUM6.8ten sam produkt

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability