Improper Authentication in Azure Bot Service by Microsoft
CVE-2026-32174

7.7 HIGH

Key Information:

Vendor: Microsoft
CVE Published: 18 June 2026

What is CVE-2026-32174?

Improper authentication in Microsoft Azure Bot Service can allow an attacker with valid credentials to escalate their privileges within the network. This weakness enables unauthorized actions that may compromise the integrity and security of the system, affecting overall user trust and data confidentiality. It is crucial for users of Azure Bot Service to review their configurations and implement necessary security measures to protect against such vulnerabilities.

Affected Version(s)

Azure AI Bot Service -

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
