CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-48567

CVSS 10.0v3.1pub. 2026-06-04upd. 2026-06-05

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

🤖 AI Analysis
How it works

An attacker can remotely impersonate an authorized identity (spoofing), bypassing Azure HorizonDB authentication mechanisms without possessing any credentials. The vulnerability does not require user interaction or specific network conditions (low attack complexity, no required privileges). Successful exploitation of the vulnerability causes privilege escalation in a context that exceeds the original resource scope (Scope: Changed).

Impact

An attacker can obtain elevated privileges in the Azure HorizonDB service, leading to unauthorized data modification or disruption of service availability (high impact on integrity and availability).

Mitigation & patch

Apply patches available from the manufacturer according to the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48567

Who is affected

Microsoft Azure HorizonDB — versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
  • Microsoft Azure Horizondb

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2026-20963CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server

CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE w Windows Server Update Service (WSUS) — deserializacja danych

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-53770CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserialization w Microsoft SharePoint Server (on-premises)