CVSS 10.0CVSS 10.0 · CRITICAL
CVE-2026-47280
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
View on NVDAnalysis
Azure Resource Manager presenta una vulnerabilidad crítica de autenticación que permite a un atacante remoto elevar privilegios sobre la red sin autorización previa. Este fallo compromete la gestión integral de recursos en la nube, otorgando potencialmente control total sobre la infraestructura de Azure. Es fundamental verificar las identidades administradas y asegurar el entorno de ARM de inmediato.
Relevant roles
CloudCyberSecurityBackend
Severity
Score: 10.0(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE):
CWE-287NVD-CWE-noinfoEPSS
Probability of exploitation (next 30 days): 0.0009 (0.1%)
Percentile: 26.2%
EPSS: 2026-06-05
Affects
microsoft:azure_resource_managerTechnical description
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
Published: 5/22/2026, 11:16:56 PM
Last modified: 5/27/2026, 4:14:33 PM