Description
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
Published: 2026-05-22
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker who has already been granted access to Azure Privileged Identity Management can exploit a flaw that allows the manipulation of a user-controlled key to bypass authorization checks. This leads to elevation of privileges within the service, breaking the isolation between normal and privileged roles. The weakness, identified as CWE‑639, directly undermines access controls and can result in untrusted users gaining administrative authority over Azure resources.

Affected Systems

Microsoft Azure Privileged Identity Management (PIM) is the affected product, as listed by the CNA. The vulnerability applies to all current versions of the service until an official fix is released; specific version numbers are not provided in the available data.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. Since EPSS data is not available, the likelihood of exploitation cannot be estimated from that metric, and the vulnerability is not currently listed in the CISA KEV catalog. The attack vector is likely network-based, requiring an authorized account within Azure PIM; an attacker can manipulate the key over the network to achieve elevation. The impact is elevated privileges across Azure resources managed through PIM.

Generated by OpenCVE AI on May 22, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official patch or update for Azure PIM when it becomes available.
  • Limit the number of accounts with privileged PIM permissions and employ least‑privilege principles.
  • Configure conditional access policies to restrict who can manage roles and access the key used for authorization checks.

Generated by OpenCVE AI on May 22, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
Title Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Privileged Management
Weaknesses CWE-639
CPEs cpe:2.3:a:microsoft:azure_privileged_management:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Privileged Management
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Privileged Management
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-23T03:13:09.466Z

Reserved: 2026-04-02T19:21:11.804Z

Link: CVE-2026-35430

cve-icon Vulnrichment

Updated: 2026-05-23T03:13:05.286Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T23:30:03Z

Weaknesses