Deserialization Vulnerability in Azure Monitor Agent by Microsoft
CVE-2026-32192

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Monitor
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-32192?

An unauthorized access vulnerability exists in the Azure Monitor Agent, stemming from improper handling of deserialized data. An attacker with local access could exploit this weakness to gain elevated privileges, potentially compromising the integrity and security of the affected system. It is essential for organizations to address this issue promptly to protect their infrastructure.

Affected Version(s)

Azure Monitor 1.0.0 < 1.41.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32192 Data

JSON