Description
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
Published: 2026-05-07
Score: 9.9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper access control flaw in Azure Managed Instance for Apache Cassandra. An attacker who is authorized to access the instance can run arbitrary code over the network, resulting in remote code execution that compromises confidentiality, integrity, and availability.

Affected Systems

Microsoft Azure Managed Instance for Apache Cassandra is the affected product. No specific version information is provided, indicating that all managed instances may be vulnerable.

Risk and Exploitability

The CVSS score of 9.9 indicates critical severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. Because an attacker must be authorized to access the instance, exploitation risk depends on the ability to authenticate or otherwise obtain authorized credentials. Nonetheless, a successful attack would allow arbitrary code execution, making it a high-risk business threat. The CWE-284 classification identifies the root cause as improper access control.

Generated by OpenCVE AI on May 7, 2026 at 22:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Microsoft patch or update for Azure Managed Instance for Apache Cassandra as soon as it is released.
  • Restrict authorized users to the minimum necessary roles and remove or disable accounts that no longer require access.
  • Enable logging and monitoring for the Cassandra instance and alert on suspicious network activity or code execution attempts.
  • If a patch cannot be applied immediately, isolate the instance from the network to prevent exploitation.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. |
| Title | | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Managed Instance For Apache Cassandra |
| Weaknesses | | CWE-284 |
| CPEs | | cpe:2.3:a:microsoft:azure_managed_instance_for_apache_cassandra:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft azure Managed Instance For Apache Cassandra |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-07T20:58:49.441Z

Reserved: 2026-03-17T20:15:23.720Z

Link: CVE-2026-33109

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-07T22:16:34.030

Modified: 2026-05-07T22:16:34.030

Link: CVE-2026-33109

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T22:30:36Z

Weaknesses