Elevation of Privilege in Azure Monitor Agent by Microsoft
CVE-2026-32168

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Monitor
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-32168?

Azure Monitor Agent has a vulnerability due to improper input validation that can be exploited by an authorized attacker to elevate their privileges locally. This flaw weakens the security posture of the system, enabling malicious actors to gain control over sensitive operations and potentially compromise system integrity.

Affected Version(s)

Azure Monitor 1.0.0 < 1.35.9

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-32168 Data

JSON