CVSS 9.6 · CRITICAL
CVE-2026-24303
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Ver en NVDAnálisis
Microsoft Partner Center contains a critical vulnerability allowing authenticated users to escalate privileges over the network. If your organization uses the Partner Center to manage Microsoft subscriptions, customers, or internal developer programs, be aware that this flaw could allow an attacker with standard access to gain unauthorized control over tenant management tools.
Severidad
Puntaje: 9.6(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NAV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Tipo de falla (CWE):
CWE-284EPSS
Probabilidad de explotación (próx. 30 días): 0.0006 (0.1%)
Percentil: 16.9%
EPSS: 2026-05-06
Afecta
microsoft:partner_centerDescripción técnica
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Publicada: 23/4/2026, 22:16:22
Última modificación: 28/4/2026, 12:11:27