Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-47280

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

View on NVD

Analysis

Azure Resource Manager presenta una vulnerabilidad crítica de autenticación que permite a un atacante remoto elevar privilegios sobre la red sin autorización previa. Este fallo compromete la gestión integral de recursos en la nube, otorgando potencialmente control total sobre la infraestructura de Azure. Es fundamental verificar las identidades administradas y asegurar el entorno de ARM de inmediato.

Relevant roles

CloudCyberSecurityBackend

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-287NVD-CWE-noinfo

EPSS

Probability of exploitation (next 30 days): 0.0009 (0.1%)
Percentile: 26.2%
EPSS: 2026-06-05

Affects

microsoft:azure_resource_manager

Technical description

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

Published: 5/22/2026, 11:16:56 PM
Last modified: 5/27/2026, 4:14:33 PM

References

HomeEventsBlogResourcesTeam