Description
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally on Arc‑enabled Windows VMs. The vulnerability corresponds to CWE-287 (Authentication Bypass) and CWE-863 (Privilege Escalation), enabling a local attacker to assume higher privileges, thereby compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

Products affected are Microsoft Azure Automation Hybrid Worker Windows Extension (Arc‑enabled Windows VMs). No specific version information is provided in the CVE entry; users should review the Microsoft advisory to determine which deployed versions are vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an authenticated attacker with local access to the VM; there is no evidence of remote exploitation.

Generated by OpenCVE AI on March 16, 2026 at 23:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft patch for Azure Automation Hybrid Worker Windows Extension per the Microsoft Security Advisory
  • Limit the privileges of Azure Arc service accounts and network access to the extension until a patch is deployed
  • Enable auditing and monitoring for privilege escalation events on Arc‑enabled Windows VMs
  • Review local account permissions and remove any unnecessary administrator rights

Generated by OpenCVE AI on March 16, 2026 at 23:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863

Tue, 10 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
Title Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Automation Hybrid Worker Windows Extension
Weaknesses CWE-287
CPEs cpe:2.3:a:microsoft:azure_automation_hybrid_worker_windows_extension:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Automation Hybrid Worker Windows Extension
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Automation Hybrid Worker Windows Extension
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:33:19.335Z

Reserved: 2026-02-11T16:24:51.134Z

Link: CVE-2026-26141

cve-icon Vulnrichment

Updated: 2026-03-10T19:43:31.044Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:42.957

Modified: 2026-03-13T17:03:42.147

Link: CVE-2026-26141

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:34:00Z

Weaknesses