Description
Azure Front Door Elevation of Privilege Vulnerability
Published: 2026-02-05
Score: 9.8 Critical
EPSS: 1.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Azure Front Door includes an elevation of privilege flaw that permits an attacker to acquire higher‑than‑intended access to the service. The weakness arises from improper access control within the Azure Front Door management interface, allowing operations that modify routing rules, security policies, or other configuration settings. If successful, an attacker could compromise confidentiality by redirecting traffic, alter integrity by injecting malicious payloads or creating unauthorized endpoints, and disrupt availability by misconfiguring health probes or rate limiting. The threat is classified under CWE‑284, which denotes authorization weaknesses. Based on the description, the attack may require legitimate credentials that have been granted higher privileges than intended or exploited through an existing misconfiguration.

Affected Systems

The vulnerability affects Microsoft Azure Front Door, a cloud‑based load‑balancing and routing service. No specific versions are listed; Microsoft's advisory does not enumerate affected releases.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. The EPSS score of 1% indicates a very low, but non‑zero likelihood of exploitation in the wild. The vulnerability is not yet listed in the CISA KEV catalog. Attackers would almost certainly approach the flaw remotely through web or API requests to Azure Front Door's management endpoints, possibly leveraging compromised credentials or misconfigured roles; this inference is based on the limited input which only mentions privilege escalation within the management interface. Successful exploitation would grant escalated privileges within the service, enabling a range of disruptive or data‑exfiltrative actions.

Generated by OpenCVE AI on June 18, 2026 at 05:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Azure Front Door to the latest version as advised by Microsoft.
  • Apply RBAC to restrict management permissions and enable multi‑factor authentication for privileged accounts.
  • Enable and monitor Azure Activity Logs for changes to Front Door configurations, and set alerting for suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 05:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:azure_front_door:-:*:*:*:*:*:*:*

Fri, 06 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Description Azure Front Door Elevation of Privilege Vulnerability
Title Azure Front Door Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Front Door
Weaknesses CWE-284
CPEs cpe:2.3:a:microsoft:azure_front_door:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Front Door
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


Subscriptions

Microsoft Azure Front Door
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-11T21:25:26.218Z

Reserved: 2026-01-21T21:28:02.969Z

Link: CVE-2026-24300

cve-icon Vulnrichment

Updated: 2026-02-06T13:41:47.197Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-05T23:15:54.490

Modified: 2026-06-17T10:22:51.803

Link: CVE-2026-24300

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:30:15Z

Weaknesses