Description
Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Published: 2026-02-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

A flaw in Azure IoT Explorer causes the application to bind to an unrestricted IP address, enabling an attacker to discover internal configuration or status information. The vulnerability stems from improper handling of network settings, which is consistent with the weaknesses identified in CWE-1327 and CWE-668. Because the exposed data can be gathered over the network, the primary impact is the unauthorized disclosure of potentially sensitive information.

Affected Systems

The affected product is Microsoft Azure IoT Explorer. No specific version information is listed in the CVE data, so all current installations are potentially impacted until a fix is applied.

Risk and Exploitability

The CVSS base score is 6.5, indicating medium severity. The EPSS score is under 1%, meaning the estimated probability of exploitation was very low at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote over a network: an attacker who can reach the exposed port can use the unrestricted binding to obtain information.

Generated by OpenCVE AI on April 15, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Azure IoT Explorer to the latest release that addresses the IP binding issue.
  • Reconfigure the explorer to bind only to localhost or a protected subnet, preventing exposure to external networks.
  • Deploy firewall rules that block unwanted network traffic to the port used by Azure IoT Explorer.



Advisories

No advisories yet.

History

Thu, 19 Feb 2026 17:15:00 +0000

Values Removed:
  Description: Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
Values Added:
  Description: Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Wed, 11 Feb 2026 21:45:00 +0000

Values Added:
  Weaknesses: CWE-668

Wed, 11 Feb 2026 16:15:00 +0000

Values Added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 18:15:00 +0000

Values Added:
  Description: Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
  Title: Azure IoT Explorer Information Disclosure Vulnerability
  First Time appeared: Microsoft; Microsoft azure Iot Explorer
  Weaknesses: CWE-1327
  CPEs: cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*
  Vendors & Products: Microsoft; Microsoft azure Iot Explorer
  References:
  Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-10T13:21:18.448Z

Reserved: 2025-12-30T18:10:54.847Z

Link: CVE-2026-21528

Vulnrichment

Updated: 2026-02-11T15:34:30.298Z

NVD

Status: Modified

Published: 2026-02-10T18:16:35.273

Modified: 2026-02-19T17:24:48.437

Link: CVE-2026-21528

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T17:45:10Z

Weaknesses