CVSS 9.9 · CRITICAL
CVE-2026-21515
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
View on NVD
Analysis
Microsoft Azure IoT Central has a critical vulnerability allowing for privilege escalation via sensitive information exposure. Organizations using this SaaS platform for IoT device management should review their environments immediately, as an attacker can gain elevated permissions over the network.
Severity
Score: 9.9 (CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE):
CWE-200
EPSS
Exploitation probability (next 30 days): 0.0010 (0.1%)
Percentile: 27.5%
EPSS: 2026-05-06
Affects
microsoft:azure_iot_central
Technical description
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
Published: 24/4/2026, 13:16:03
Last modified: 27/4/2026, 19:41:24