Description
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-01-22
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Improper access control in Azure Front Door enables an unauthorized attacker to elevate privileges over a network. This can allow an attacker to gain higher permissions within Azure Front Door, potentially compromising resources protected by the service. The weakness is identified as CWE-284, improper authorization.

Affected Systems

Microsoft Azure Front Door is affected. No specific version details are provided, implying that all current Azure Front Door deployments that have not applied the latest security update are vulnerable.

Risk and Exploitability

The CVSS score of 9.8 signals a severe risk, while the EPSS score of less than 1% indicates that exploitation is expected to be uncommon at this time. The vulnerability is not yet listed in the CISA KEV catalog. Based on the description, the attacker would need network access to an Azure Front Door instance and would exploit a control plane access control flaw; the exact exploitation steps are not detailed but are inferred to involve remote network access.

Generated by OpenCVE AI on April 16, 2026 at 01:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Azure Front Door security patch as outlined in Microsoft's update guide
  • Restrict network access to Azure Front Door management endpoints using firewall rules or network security groups to limit exposure to trusted IP ranges
  • Continuously monitor Azure Front Door logs and alerts for suspicious activity that may indicate exploitation attempts



Advisories

No advisories yet.

History

Fri, 27 Feb 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:azure_front_door:-:*:*:*:*:*:*:*

Fri, 23 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Title Azure Front Door Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Front Door
Weaknesses CWE-284
CPEs cpe:2.3:a:microsoft:azure_front_door:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Front Door
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-01T13:49:23.912Z

Reserved: 2026-01-21T21:28:02.969Z

Link: CVE-2026-24306

Vulnrichment

Updated: 2026-01-23T20:06:59.973Z

NVD

Status: Analyzed

Published: 2026-01-22T23:15:58.837

Modified: 2026-02-27T13:44:45.297

Link: CVE-2026-24306

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T02:00:12Z

Weaknesses