Improper Authorization Issue in Microsoft Azure Kubernetes Service
CVE-2026-33105

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Kubernetes Service
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-33105?

The Azure Kubernetes Service is susceptible to an improper authorization vulnerability that enables unauthorized attackers to escalate their privileges across the network. This flaw can potentially allow malicious actors to access sensitive resources and perform unauthorized actions within the Kubernetes environment, posing a significant risk to system integrity and data security.

Affected Version(s)

Azure Kubernetes Service -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-33105 Data

JSON