Server-Side Request Forgery in Azure OpenAI by Microsoft
CVE-2026-45499

9.9CRITICAL

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
2 July 2026

What is CVE-2026-45499?

A vulnerability exists in Azure OpenAI that allows an authorized attacker to exploit server-side request forgery (SSRF) mechanisms. By leveraging this flaw, an attacker could elevate their privileges and gain unauthorized access to sensitive network resources, potentially compromising the integrity and confidentiality of the affected system. Organizations utilizing Azure OpenAI are advised to implement the latest security patches and follow best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Azure Open AI -

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.