Description
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Published: 2026-01-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw is a stack-based buffer overflow in the Azure Connected Machine Agent that an authorized local attacker can trigger. Exploiting the overflow lets the attacker overwrite control data on the stack and gain elevated privileges on the host, enabling any action normally restricted to higher-privileged accounts. The weakness is classified as CWE-121 (Stack-based Buffer Overflow), which covers writes past the end of a buffer allocated on the stack, such as a local variable or function parameter.

Affected Systems

The vulnerability affects Microsoft Azure Connected Machine Agent. No specific affected version range is listed, so all instances running a pre‑fix version remain vulnerable until a patch is applied.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability has high impact if exploited, while the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not included in the CISA Known Exploited Vulnerabilities catalog, and no public exploit is known. The CVSS vector lists the attack vector as local with low privileges required (AV:L/PR:L), so the attacker needs some level of authorized access on the machine to trigger the overflow.

Generated by OpenCVE AI on April 16, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Microsoft’s update guide for an Azure Connected Machine Agent patch that addresses the stack-based overflow and install it immediately.
  • If no patch is available, upgrade the agent to the latest public release that provides a robust stack protection measure to mitigate the buffer overflow.
  • Restrict the agent’s execution privileges to the minimum required account and disable the agent if ongoing monitoring cannot be guaranteed until a patch is applied.



Advisories

No advisories yet.

History

Tue, 13 Jan 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 13 Jan 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Title | | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Connected Machine Agent |
| Weaknesses | | CWE-121 |
| CPEs | | cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft azure Connected Machine Agent |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:49:00.969Z

Reserved: 2025-12-11T21:02:05.732Z

Link: CVE-2026-21224

Vulnrichment

Updated: 2026-01-13T21:44:13.193Z

NVD

Status: Analyzed

Published: 2026-01-13T18:16:24.883

Modified: 2026-01-14T20:39:55.727

Link: CVE-2026-21224

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T18:15:43Z

Weaknesses