Description
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

External control of file name or path in the Azure Monitor Agent allows an authorized attacker to create or modify files in a location that grants elevated privileges, leading to local privilege escalation. The vulnerability is modeled by CWE-73, which denotes path manipulation weaknesses that can be abused to bypass security controls. The attacker requires some level of authorization to the system, but can leverage the flaw to gain higher privileges, potentially affecting the confidentiality, integrity, or availability of the host.

Affected Systems

Microsoft Azure Monitor Agent is vulnerable. No specific version range is listed in the CNA data, so all installed instances may be at risk unless they have received a recent update from Microsoft.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. With no EPSS score available and the vulnerability not listed in the CISA KEV catalog, the immediate likelihood of exploitation is uncertain, but the flaw still warrants attention. An authorized local attacker can exploit the path control to achieve privilege escalation, so the attack vector is inferred to be local. Enforcement of least privilege and timely application of Microsoft updates are critical to mitigate this risk.

Generated by OpenCVE AI on May 12, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for Azure Monitor Agent
  • Restrict write permissions to directories used by the agent to prevent arbitrary file placement
  • Implement monitoring to detect unexpected file creations or modifications in the agent’s directory
  • Review and enforce least privilege for users that manage or configure the Azure Monitor Agent

Generated by OpenCVE AI on May 12, 2026 at 18:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft azure Monitor
Vendors & Products Microsoft azure Monitor

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Title Azure Monitor Agent Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Monitor Agent
Weaknesses CWE-73
CPEs cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Monitor Agent
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Monitor Azure Monitor Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:53:13.271Z

Reserved: 2026-03-11T01:49:58.658Z

Link: CVE-2026-32204

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:00.620

Modified: 2026-05-12T18:17:00.620

Link: CVE-2026-32204

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses