Description
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-05-07
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. By exploiting the lack of proper authorization checks, a non‑privileged user can gain higher-level access and potentially access sensitive data or control services.

Affected Systems

Microsoft Azure AI Foundry is the affected product. No specific version information is provided in the advisory, so all deployed instances of Azure AI Foundry may be vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 8.6 indicates a high-severity vulnerability. EPSS data is not available, but the absence of a KEV listing suggests no confirmed exploitation yet. The likely attack vector is network‑based: an attacker interacting with the M365 published agents can trigger the privilege escalation. If exploited, an attacker could gain unauthorized administrative capabilities within the Azure AI Foundry environment.

Generated by OpenCVE AI on May 7, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or update for Azure AI Foundry as soon as it is released.
  • Restrict network access to the M365 published agents, limiting connections to trusted IPs or networks only.
  • Continuously audit access control configurations to verify that non‑privileged users cannot access privileged functions.



Advisories

No advisories yet.

History

Thu, 07 May 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. |
| Title | | Azure AI Foundry Elevation of Privilege Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Ai Foundry |
| Weaknesses | | CWE-284 |
| CPEs | | `cpe:2.3:a:microsoft:azure_ai_foundry:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Microsoft; Microsoft azure Ai Foundry |
| References | | |
| Metrics | | cvssV3_1: `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C'}` |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-07T20:58:55.593Z

Reserved: 2026-04-02T19:21:11.805Z

Link: CVE-2026-35435

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-07T22:16:34.787

Modified: 2026-05-07T22:16:34.787

Link: CVE-2026-35435

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T22:30:36Z

Weaknesses