Critical Azure Vulnerabilities: Remote Attack, Privilege Escalation
Summary
CERT-Bund has issued a security advisory regarding critical vulnerabilities in Microsoft Azure DevOps, Data Factory, and Cloud Shell. These vulnerabilities allow remote attackers to escalate privileges, manipulate data, and disclose sensitive information. The advisory assigns a CVSS base score of 10.0.
What changed
CERT-Bund has issued a security advisory (WID-SEC-2026-0794) detailing critical vulnerabilities affecting Microsoft Azure DevOps, Data Factory, and Cloud Shell. The advisory highlights a CVSS base score of 10.0, indicating a critical severity. These vulnerabilities enable remote, anonymous attackers to escalate privileges, manipulate data, and expose confidential information.
While this is a security advisory and not a regulatory rule, affected organizations using these Azure services should treat this as a high-priority alert. Mitigation measures are available, and prompt action is recommended to address the identified risks and prevent potential data breaches or system compromises. The advisory does not specify a compliance deadline but emphasizes the critical nature of the vulnerabilities.
What to do next
- Review Microsoft's security guidance for Azure DevOps, Data Factory, and Cloud Shell.
- Implement available mitigation measures to address identified vulnerabilities.
- Monitor for further updates or patches from Microsoft.
Source document (simplified)
[WID-SEC-2026-0794] Microsoft Azure DevOps, Data Factory and Cloud Shell: Multiple vulnerabilities
- CVSS Base Score: 10.0 (critical)
- CVSS Temporal Score: 8.7 (high)
- Remote attack: yes
- Date: 19.03.2026
- Last updated: 20.03.2026
- Mitigation: yes
Affected systems
Operating system
- Other
- UNIX
- Windows
Product description
Azure is a cloud computing platform from Microsoft.
Products
19.03.2026
- Microsoft Azure DevOps
- Microsoft Azure Data Factory
- Microsoft Azure Cloud Shell
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Microsoft Azure DevOps, Data Factory and Cloud Shell to escalate privileges, manipulate data and disclose confidential information.