Description
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Patch Immediately
AI Analysis

Impact

This vulnerability arises from improper input validation in Azure Monitor Agent that permits an attacker with authorized local access to elevate privileges. By supplying specially crafted input, the attacker can gain elevated rights on the affected system, allowing full compromise of that machine. The weakness maps to CWE‑20, indicating that lack of validation can be used to bypass security boundaries.

Affected Systems

Microsoft Azure Monitor Agent is the affected product. The specific agent version list is not detailed in the supplied data. Any installation of Azure Monitor Agent that has not been patched to the latest release could be vulnerable.

Risk and Exploitability

The CVSS v3.1 score of 7.8 classifies this flaw as High severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. Exploitation requires that the attacker already has a foothold and is authorized to submit data to the agent. Once the input is accepted, the privilege escalation can occur with relatively minimal effort, leading to potential full system compromise. Because the attack vector is local, the risk is confined to systems where the agent is installed and the attacker can craft input.

Generated by OpenCVE AI on April 14, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Microsoft’s latest Azure Monitor Agent update; verify all agents are patched to the latest version; restrict write access to the agent’s configuration files to authorized users only; monitor audit logs for unusual privilege changes; consider running the agent with the least privilege privileges.

Generated by OpenCVE AI on April 14, 2026 at 20:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft azure Monitor
Vendors & Products Microsoft azure Monitor

Tue, 14 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Title Azure Monitor Agent Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Monitor Agent
Weaknesses CWE-20
CPEs cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Monitor Agent
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Monitor Azure Monitor Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-15T21:54:30.356Z

Reserved: 2026-03-10T23:09:43.266Z

Link: CVE-2026-32168

cve-icon Vulnrichment

Updated: 2026-04-14T18:39:39.077Z

cve-icon NVD

Status : Received

Published: 2026-04-14T18:17:19.687

Modified: 2026-04-14T18:17:19.687

Link: CVE-2026-32168

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:00:06Z

Weaknesses