{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21224", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-11T21:02:05.732Z", "datePublished": "2026-01-13T17:56:51.530Z", "dateUpdated": "2026-04-01T13:49:00.969Z"}, "containers": {"cna": {"title": "Azure Connected Machine Agent Elevation of Privilege Vulnerability", "datePublic": "2026-01-13T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.60.03293.2680"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Connected Machine Agent", "versions": [{"version": "1.0.0", "lessThan": "1.60.03293.2680", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-121: Stack-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-121"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:00.969Z"}, "references": [{"name": "Azure Connected Machine Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21224"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T21:44:09.699915Z", "id": "CVE-2026-21224", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T21:44:16.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T21:44:09.699915Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T21:44:13.193Z"}}], "cna": {"title": "Azure Connected Machine Agent Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Connected Machine Agent", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.60.03293.2680", "versionType": "custom"}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21224", "name": "Azure Connected Machine Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.60.03293.2680", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:00.969Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21224", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:49:00.969Z", "dateReserved": "2025-12-11T21:02:05.732Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-13T17:56:51.530Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F02DC0C-4673-4D33-A287-64DCAE26FD4E", "versionEndExcluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-21224", "lastModified": "2026-01-14T20:39:55.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-13T18:16:24.883", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21224"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T18:14:09.306134+00:00", "value": {"mitigation_remediation": ["Check Microsoft\u2019s update guide for an Azure Connected Machine Agent patch that addresses the stack-based overflow and install it immediately.", "If no patch is available, upgrade the agent to the latest public release that provides a robust stack protection measure to mitigate the buffer overflow.", "Restrict the agent\u2019s execution privileges to the minimum required account and disable the agent if ongoing monitoring cannot be guaranteed until a patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Microsoft Azure Connected Machine Agent. No specific affected version range is listed, so all instances running a pre\u2011fix version remain vulnerable until a patch is applied.", "description_and_impact": "The flaw is a stack-based buffer overflow that can be triggered by an authorized local attacker against the Azure Connected Machine Agent. Exploiting this overflow permits the attacker to overwrite control data on the stack and gain elevated privileges on the host, enabling any action normally restricted to higher-privileged accounts. The weakness is classified as CWE-121, which describes unprotected or inadequately protected buffer access that may lead to memory corruption.", "risk_and_exploitability": "With a CVSS score of 7.8, the incident poses high impact if exploited, yet the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not included in the CISA Known Exploited Vulnerabilities list, and no public exploit is known. The attack vector is inferred to be local, requiring the attacker to have some level of authorized access to execute code within the agent process and trigger the overflow."}}}}, "created": "2026-04-16T18:15:43.301091+00:00", "updated": "2026-04-16T18:15:43.301101+00:00", "vendors": []}