Description
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Published: 2026-03-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from missing authentication for a critical function in Azure IoT Explorer, allowing an unauthorized party to retrieve sensitive data. The primary impact is a confidentiality breach, as the attacker can read configuration or other protected information. The weakness corresponds to CWE-306 (Missing Authentication Related to Access Control) and CWE-319 (Cleartext Transmission of Sensitive Information).

Affected Systems

Microsoft Azure IoT Explorer is the affected product. No specific version information is provided in the CVE entry, so all versions of the product should be reviewed for susceptibility.

Risk and Exploitability

The CVSS score of 7.5 indicates a High severity vulnerability. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers could exploit the flaw over the network by accessing the unprotected function, without needing local or elevated privileges.

Generated by OpenCVE AI on March 16, 2026 at 23:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the current Azure IoT Explorer version and consult Microsoft’s update guide for the latest security patch.
  • If the vulnerable version is in use, apply the vendor’s latest patch as soon as it is released.
  • In the meantime, limit network access to the Azure IoT Explorer component to trusted users and isolate it from untrusted networks.

Generated by OpenCVE AI on March 16, 2026 at 23:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Title Azure IoT Explorer Information Disclosure Vulnerability
First Time appeared Microsoft
Microsoft azure Iot Explorer
Weaknesses CWE-306
CWE-319
CPEs cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Iot Explorer
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Iot Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:33:12.507Z

Reserved: 2026-01-14T16:59:33.463Z

Link: CVE-2026-23662

cve-icon Vulnrichment

Updated: 2026-03-10T19:53:42.482Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:14.373

Modified: 2026-03-12T19:32:14.227

Link: CVE-2026-23662

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:34:08Z

Weaknesses