Improper Access Control Vulnerability in Azure Logic Apps by Microsoft
CVE-2026-42823

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Logic Apps
Vendor: CVE Published:; 12 May 2026

Badges

📰 News Worthy

What is CVE-2026-42823?

The vulnerability in Azure Logic Apps arises from improper access control mechanisms that allow an authorized attacker to elevate privileges over a network. This can potentially enable unauthorized actions and access to sensitive data, compromising the overall integrity and security of applications using Azure Logic Apps. Proper security measures and adherence to best practices are essential for mitigating this vulnerability.

Affected Version(s)

Azure Logic Apps -

News Articles

Dark Reading

CVE-2026-42898 CVE-2026-42823

It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight

It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.

4 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
May 12, 2026
Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42823 Data

JSON