Elevation of Privilege Vulnerability in Azure Arc by Microsoft
CVE-2026-24302

8.6HIGH

Key Information:

Vendor: Microsoft
Status: Azure Arc
Vendor: CVE Published:; 5 February 2026

What is CVE-2026-24302?

An elevation of privilege vulnerability exists in Azure Arc that could allow an authenticated attacker to execute commands with elevated permissions. This security weakness could lead to unauthorized access and control of resources managed by Azure Arc. It’s essential for users and administrators to apply the recommended patches to safeguard their systems against potential exploitation.

Affected Version(s)

Azure ARC -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24302 Data

JSON