Improper Authentication Vulnerability in Azure Resource Manager by Microsoft
CVE-2026-47280

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Resource Manager
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-47280?

The Azure Resource Manager contains an improper authentication vulnerability that enables an unauthorized user to elevate their privileges over a network. This situation potentially allows attackers to gain unauthorized access to resources and perform actions that should be restricted. It's crucial for users and administrators to ensure their systems are updated and secure against this vulnerability.

Affected Version(s)

Azure Resource Manager -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-47280 Data

JSON