Improper Access Control in Microsoft Partner Center by Microsoft
CVE-2026-24303

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Partner Center
Vendor: CVE Published:; 23 April 2026

What is CVE-2026-24303?

An access control issue in Microsoft Partner Center can permit an authenticated attacker to gain elevated privileges across the network. This vulnerability poses significant risks, as it may allow malicious actors to manipulate resources or sensitive data without proper authorization. Organizations using Microsoft Partner Center should review their security measures and apply the latest updates to mitigate potential threats. For detailed information, refer to the vendor advisory.

Affected Version(s)

Microsoft Partner Center -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24303 Data

JSON