Description
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
Published: 2026-06-18
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Azure Cost Management Interactive Experiences where sensitive information can be exposed to an unauthorized actor. The flaw allows an attacker to retrieve confidential data—such as cost, usage, and billing details—over a network connection. This type of weakness is classified as information exposure (CWE‑200).

Affected Systems

The affected product is Microsoft Azure Cost Management. The CVE does not list specific affected versions, so all implementations that have not applied the recent Microsoft patch are potentially impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. The exact probability of exploitation is unknown because the EPSS score is not available, and the vulnerability is not yet listed in CISA’s KEV catalog. Based on the description, the attack vector is likely remote over a network with an unauthenticated or low‑privilege attacker able to trigger the disclosure. No known exploits have been reported to date.

Generated by OpenCVE AI on June 18, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft patch for Azure Cost Management as announced on the Microsoft Security Response Center.
  • Limit network access to the Cost Management service by configuring firewall rules or Azure Private Link so that only trusted subnets or virtual networks can reach the endpoint.
  • Enforce least‑privilege access with Azure AD role‑based access control, ensuring that only users with appropriate permissions can view cost data, and monitor activity logs for anomalous access attempts.

Generated by OpenCVE AI on June 18, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft azure Cost Management
Vendors & Products Microsoft azure Cost Management

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
Title Microsoft Cost Management Information Disclosure Vulnerability
First Time appeared Microsoft
Microsoft azure Cost Management
Weaknesses CWE-200
CPEs cpe:2.3:a:microsoft:Azure_Cost_Management:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Cost Management
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Cost Management Azure Cost Management
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-18T21:37:36.850Z

Reserved: 2026-05-19T20:12:27.069Z

Link: CVE-2026-47633

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T01:30:16Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor