Description
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
Published: 2026-05-12
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Azure SDK for Java contains an improper authentication flaw that allows an unauthorized attacker to bypass a security feature over a network. This vulnerability can enable unauthorized access to resources that should require proper authentication, potentially exposing sensitive data or allowing unintended actions. The flaw maps to CWE-287 (Improper Authentication) and CWE-347 (Missing Authentication for Critical Function).

Affected Systems

Microsoft Azure SDK for Java. No specific version information is provided in the advisory, so all existing versions of the SDK may be vulnerable until patched.

Risk and Exploitability

The CVSS score of 9.1 classifies this flaw as critical, indicating a high potential impact. The EPSS score is not available, so the probability of exploitation has not been quantified. The flaw is not listed in KEV and no public exploits were known at the time of this advisory, which means attackers would need to develop or obtain a custom exploit. The likely attack vector is over a network, with an unauthorized agent sending crafted requests to the SDK endpoint to force the security feature to be bypassed.

Generated by OpenCVE AI on May 12, 2026 at 18:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft Azure SDK for Java to the latest released version that includes the authentication fix.
  • Implement additional authentication checks at the application level to guard against missing SDK enforcement.
  • Restrict network traffic to the Azure SDK endpoints, limiting exposure to trusted internal hosts or applying firewall rules.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network. |
| Title | | Azure SDK for Java Security Feature Bypass Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Sdk For Java |
| Weaknesses | | CWE-287; CWE-347 |
| CPEs | | cpe:2.3:a:microsoft:azure_sdk_for_java:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft azure Sdk For Java |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:36.361Z

Reserved: 2026-03-17T20:15:23.721Z

Link: CVE-2026-33117

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T18:17:04.033

Modified: 2026-05-12T18:17:04.033

Link: CVE-2026-33117

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T19:00:20Z

Weaknesses