Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
The vulnerability consists of improper implementation of the authentication mechanism (CWE-287) in Azure Resource Manager. An attacker can send specially crafted network requests to ARM without possessing valid credentials, and the service incorrectly treats such requests as authorized. The attack vector is network-based, requires no prior privileges (PR:N) or user interaction (UI:N), and the scope of the attack extends beyond the directly vulnerable component (S:C).
An unauthenticated attacker can obtain elevated privileges in an Azure environment, potentially taking control of cloud resources, reading sensitive data, modifying infrastructure configurations, or causing unavailability.
Apply patches available from the vendor according to the references — detailed update information available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47280. As an interim measure, it is recommended to restrict network access to ARM and monitor logs for unauthorized API calls.
Azure Resource Manager (ARM) — versions indicated in the vendor references (Microsoft Security Response Center)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMicrosoft Azure Resource Manager
APPMicrosoftwszystkie wersje
Related vulnerabilities
Pominięcie uwierzytelnienia w Azure Local Disconnected Operations — eskalacja uprawnień
Nieprawidłowa kontrola dostępu w Azure Resource Manager — privilege escalation
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE w Windows Server Update Service (WSUS) — deserializacja danych