Server-Side Request Forgery Vulnerability in Azure Databricks by Microsoft
CVE-2026-33107

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Databricks
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-33107?

A server-side request forgery (SSRF) vulnerability exists in Azure Databricks, potentially enabling an unauthorized attacker to elevate their privileges within the network. This could allow malicious actors to exploit internal resources or services, leading to unauthorized access and other security risks. Organizations using Azure Databricks should review their security measures and apply necessary patches to mitigate this vulnerability.

Affected Version(s)

Azure Databricks -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-33107 Data

JSON