Description
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Published: 2026-06-19
Score: 9.9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker with authorized access to execute code with unnecessary privileges, thereby elevating their privileges across the Azure Synapse network. It is a classic improper authorization flaw (CWE-250) that can compromise the confidentiality, integrity, and availability of data and services by granting the attacker broader access than intended.

Affected Systems

Microsoft Azure Synapse is the affected product. No specific versions are listed in the available data, so all deployments of Azure Synapse may be subject to this flaw until a patch is applied.

Risk and Exploitability

The CVSS score of 9.9 indicates a severe threat. The EPSS score is not available, but the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is an authorized attacker who already has some level of access to the Azure Synapse environment; by exploiting the unnecessary privilege execution path, the malicious actor can expand their access rights. Since the description does not specify additional prerequisites, it is inferred that the attacker merely needs authenticated access to leverage this flaw.

Generated by OpenCVE AI on June 19, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Azure Synapse patch or update as recommended in the Microsoft advisory.
  • Enforce least‑privilege policies and review role assignments to eliminate unnecessary privileges. (CWE‑250 remediation)
  • Continuously monitor for signs of privilege escalation or anomalous access patterns within the Synapse workspace.

Generated by OpenCVE AI on June 19, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Description Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Title Microsoft Azure Synapse Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Synapse
Weaknesses CWE-250
CPEs cpe:2.3:a:microsoft:azure_synapse:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Synapse
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Synapse
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T20:27:48.494Z

Reserved: 2026-05-21T20:00:35.246Z

Link: CVE-2026-48584

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T22:30:05Z

Weaknesses
  • CWE-250

    Execution with Unnecessary Privileges