Description
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-06-04
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to spoof authentication credentials in Azure HorizonDB, bypassing normal authentication checks and gaining elevated privileges over the network. As a result, an unauthorized user can access resources and perform actions that should only be available to verified accounts, potentially compromising sensitive data and system integrity.

Affected Systems

Microsoft Azure HorizonDB is the affected product. The vulnerability impacts systems running Microsoft Azure HorizonDB services; no specific version information is provided in the data available.

Risk and Exploitability

The CVSS score of 10 indicates a critical severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, so exploitation statistics are unknown, but the high CVSS indicates a severe risk. The likely attack vector involves a network-based spoofing attempt against the HorizonDB authentication process, requiring the attacker to reach the service endpoint and send forged credentials. While no explicit attacker prerequisites are stated, the vulnerability can be leveraged remotely by anyone who can reach the HorizonDB network segment.

Generated by OpenCVE AI on June 4, 2026 at 23:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft patch for Azure HorizonDB as documented in the MSRC advisory linked above.
  • Restrict HorizonDB access to trusted networks and apply network segmentation so that only authorized hosts can reach the authentication endpoint.
  • Enforce strict identity verification and disable any legacy authentication mechanisms that may be susceptible to spoofing; implement multi‑factor authentication and certificate‑based authentication where supported.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft .azure Horizondb
Vendors & Products | | Microsoft .azure Horizondb

Thu, 04 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
Title | | Azure HorizonDB Elevation of Privilege Vulnerability
First Time appeared | | Microsoft; Microsoft .azure Horizondb
Weaknesses | | CWE-290
CPEs | | cpe:2.3:a:microsoft:.azure_horizonDB:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft .azure Horizondb
References | |
Metrics | | cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-04T22:00:47.598Z

Reserved: 2026-05-21T20:00:35.245Z

Link: CVE-2026-48567

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:32.677

Modified: 2026-06-04T23:17:32.677

Link: CVE-2026-48567

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T08:30:24Z

Weaknesses