Authorization Bypass in Azure Privileged Identity Management by Microsoft
CVE-2026-35430

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Privileged Identity Management (pim)
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-35430?

An authorization bypass vulnerability in Azure Privileged Identity Management allows an attacker to manipulate user-controlled keys. This flaw could let authorized users escalate their privileges on the network, potentially leading to unauthorized access to sensitive information and critical systems. Organizations should remain vigilant and apply the necessary patches to secure their Azure environments.

Affected Version(s)

Azure Privileged Identity Management (PIM) -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Apr 2, 2026

CVE-2026-35430 Data

JSON