Description
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Published: 2026-03-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from improper restriction of a communication channel to intended endpoints in Azure IoT Explorer. An attacker who can interact with the device over the network could gain unauthorized access to sensitive information without higher privileges. This weakness is classified as CWE-923, which indicates that confidential data may be disclosed to an attacker who should not have access to it. The potential impact is primarily confidentiality loss; there is no indication of denial of service or persistence in the official description.

Affected Systems

Affected users are those who run Microsoft Azure IoT Explorer. The CVE entry does not list specific affected versions or release notes, so any installation of Azure IoT Explorer that has not yet applied the official update may be vulnerable. It is recommended to verify the version against Microsoft’s advisory referenced in the CVE entry.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity vulnerability when exploited. The EPSS score is below 1%, suggesting that the likelihood of exploitation in the wild is currently low. The vulnerability is not listed in CISA’s KEV catalog, so there are no publicly documented exploits to date. Based on the description, the likely attack vector would require network access to the device; an attacker must be able to communicate with the IoT Explorer or the device it manages.

Generated by OpenCVE AI on March 16, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Azure IoT Explorer update from Microsoft’s patch portal. If a patch is not yet available, restrict network access to the Explorer to trusted hosts only or disable the exposed communication channel until an update is applied.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 10 Mar 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
| Title | | Azure IoT Explorer Information Disclosure Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Iot Explorer |
| Weaknesses | | CWE-923 |
| CPEs | | cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft azure Iot Explorer |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:32:22.545Z

Reserved: 2026-01-14T16:59:33.463Z

Link: CVE-2026-23664

Vulnrichment

Updated: 2026-03-11T14:46:33.716Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:14.523

Modified: 2026-03-12T19:31:49.423

Link: CVE-2026-23664

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:31:46Z

Weaknesses