Privilege Elevation Vulnerability in Azure Monitor Agent by Microsoft
CVE-2026-42830

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Monitor Agent Metrics Extension
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-42830?

The Azure Monitor Agent is vulnerable due to an untrusted search path, which can be exploited by an authorized attacker to gain elevated privileges on the local system. This vulnerability poses a significant risk as it allows unauthorized access to sensitive operations or data. Organizations using Azure Monitor Agent are encouraged to review their security practices and apply relevant patches to mitigate this threat.

Affected Version(s)

Azure Monitor Agent Metrics Extension 1.0.0 < 1.42.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42830 Data

JSON