Description
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Published: 2026-03-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

The vulnerability in Microsoft Azure IoT Explorer allows sensitive information to be transmitted in cleartext, enabling an unauthorized attacker to capture and disclose confidential data. It represents a classic instance of the weakness described by CWE-319, Cleartext Transmission of Sensitive Information, and primarily compromises the confidentiality of the data exchanged by the Explorer application.

Affected Systems

Microsoft Azure IoT Explorer is affected by this vulnerability. No specific product versions are listed in the CNA data; the vulnerability applies to all versions of Azure IoT Explorer identified by the common platform enumeration cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, which is rated High. EPSS puts the probability of exploitation at less than 1%, suggesting that exploitation is unlikely in the near term. The vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be network-based: an attacker capable of intercepting traffic between Azure IoT Explorer and its associated services can read the cleartext data. The risk is significant for environments where sensitive data is transmitted without encryption and where the network may be accessible to untrusted actors.

Generated by OpenCVE AI on March 16, 2026 at 23:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Visit the Microsoft Security Response Center website and download the latest Azure IoT Explorer update that removes the cleartext transmission flaw.
  • Apply the update to all affected instances as soon as possible to prevent data disclosure.
  • If an immediate update is not feasible, isolate Azure IoT Explorer from untrusted networks or use a VPN/SSL tunnel to encrypt traffic until the patch can be applied.


Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Title | | Azure IoT Explorer Information Disclosure Vulnerability
First Time appeared | | Microsoft; Microsoft azure Iot Explorer
Weaknesses | | CWE-319
CPEs | | cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft azure Iot Explorer
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:33:11.942Z

Reserved: 2026-01-14T16:59:33.463Z

Link: CVE-2026-23661

Vulnrichment

Updated: 2026-03-10T18:40:47.494Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:14.210

Modified: 2026-03-12T19:31:06.573

Link: CVE-2026-23661

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:34:09Z

Weaknesses