Description
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: 1.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves deserialization of untrusted data in Azure Monitor Agent. A this flaw to elevate privileges on the affected machine. The weakness is identified as data deserialization vulnerability (CWE-502).

Affected Systems

Microsoft Azure Monitor Agent is affected. Specific version ranges have not been disclosed in the available data.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity impact, and the EPSS score of 2% suggests a low but non-zero likelihood of exploitation, while the vulnerability is not listed in the CISA KEV catalog. The attack requires local authorization and involves processing of untrusted data, suggesting that a privileged or temporarily authorized user could misuse the flaw to gain higher privileges. The risk remains significant until a vendor patch is applied.

Generated by OpenCVE AI on June 18, 2026 at 09:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Azure Monitor Agent update from Microsoft
  • Limit local account permissions to prevent modification of Azure Monitor Agent configuration files
  • Enable file integrity monitoring to detect unauthorized changes to agent data files

Generated by OpenCVE AI on June 18, 2026 at 09:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft azure Monitor
Vendors & Products Microsoft azure Monitor

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Title Azure Monitor Agent Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Monitor Agent
Weaknesses CWE-502
CPEs cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Monitor Agent
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Monitor Azure Monitor Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:08:01.255Z

Reserved: 2026-03-11T00:26:53.427Z

Link: CVE-2026-32192

cve-icon Vulnrichment

Updated: 2026-04-14T19:32:29.918Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:17:25.723

Modified: 2026-06-17T10:35:19.057

Link: CVE-2026-32192

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T09:15:16Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data