Description
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Azure Monitor Agent contains an untrusted search path flaw that permits an attacker who already has authorized local access to elevate their privileges. The vulnerability is a classic privilege‑escalation weakness (CWE‑426) that can compromise system integrity if exploited. No remote exploitation path is described, so the impact is confined to local escalation.

Affected Systems

Microsoft Azure Monitor Agent Metrics Extension is affected. No specific version information is provided; all deployed instances of the agent could potentially be at risk.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity risk, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation. The likely attack vector requires an attacker with legitimate local access or an existing foothold; upon exploiting the untrusted search path, privileges can be raised to the level of the agent process. Due to the lack of remote access predicated on this flaw, the risk is moderate but still significant for environments with sensitive data or critical operating roles.

Generated by OpenCVE AI on May 12, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest version of Azure Monitor Agent Metrics Extension to all systems to eliminate the untrusted search path issue
  • Configure the agent to use explicit full paths for all executable references, thereby preventing the untrusted search path exploitation
  • Enforce strict file system permissions on the agent installation directories, granting only necessary read/execute rights to service accounts
  • Monitor audit logs for unauthorized privilege changes and implement least privilege access controls across the environment

Generated by OpenCVE AI on May 12, 2026 at 19:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft azure Monitor Agent
CPEs cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*
Vendors & Products Microsoft azure Monitor Agent

Wed, 13 May 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Title Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Monitor Agent Metrics Extension
Weaknesses CWE-426
CPEs cpe:2.3:a:microsoft:azure_monitor_agent_metrics_extension:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Monitor Agent Metrics Extension
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Monitor Agent Azure Monitor Agent Metrics Extension
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T19:33:42.161Z

Reserved: 2026-04-30T14:51:12.703Z

Link: CVE-2026-42830

cve-icon Vulnrichment

Updated: 2026-05-13T09:58:15.086Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T18:17:25.540

Modified: 2026-05-14T14:26:13.290

Link: CVE-2026-42830

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:38:02Z

Weaknesses