Skip to content
CVSS 8.6 · HIGH

CVE-2026-26150

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Ver en NVD

Análisis

Microsoft Purview eDiscovery contains a server-side request forgery (SSRF) vulnerability that allows unauthorized attackers to elevate their privileges over the network. Organizations using Purview for data governance and legal discovery should verify their security updates to prevent unauthorized access to sensitive compliance records.

Severidad

Puntaje: 8.6(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: NONE
A: NONE
Tipo de falla (CWE): CWE-918

EPSS

Probabilidad de explotación (próx. 30 días): 0.0009 (0.1%)
Percentil: 25.2%
EPSS: 2026-05-06

Afecta

microsoft:purview_ediscovery

Descripción técnica

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Publicada: 23/4/2026, 22:16:23
Última modificación: 29/4/2026, 19:10:35

Referencias

InicioEventosBlogRecursosEquipo