{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23662", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-01-14T16:59:33.463Z", "datePublished": "2026-03-10T17:05:16.330Z", "dateUpdated": "2026-04-14T16:36:34.918Z"}, "containers": {"cna": {"title": "Azure IoT Explorer Information Disclosure Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "0.15.13"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure IoT Explorer", "versions": [{"version": "1.0.0", "lessThan": "0.15.13", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-306: Missing Authentication for Critical Function", "lang": "en-US", "type": "CWE", "cweId": "CWE-306"}, {"description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en-US", "type": "CWE", "cweId": "CWE-319"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:34.918Z"}, "references": [{"name": "Azure IoT Explorer Information Disclosure Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T19:53:37.580696Z", "id": "CVE-2026-23662", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:53:45.696Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23662", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T19:53:37.580696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:53:42.482Z"}}], "cna": {"title": "Azure IoT Explorer Information Disclosure Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure IoT Explorer", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "0.15.13", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662", "name": "Azure IoT Explorer Information Disclosure Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.15.13", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:34.918Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23662", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:34.918Z", "dateReserved": "2026-01-14T16:59:33.463Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:16.330Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA6401CB-2490-4A38-8F23-363906BAF296", "versionEndExcluding": "0.15.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network."}, {"lang": "es", "value": "Falta de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica en Azure IoT Explorer permite a un atacante no autorizado divulgar informaci\u00f3n a trav\u00e9s de una red."}], "id": "CVE-2026-23662", "lastModified": "2026-03-12T19:32:14.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:14.373", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-319"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,0.15.13)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Azure IoT Explorer", "source": "cna", "vendor": "Microsoft"}, "product": "azure_iot_explorer", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-16T23:16:46.942730+00:00", "value": {"mitigation_remediation": ["Verify the current Azure IoT Explorer version and consult Microsoft\u2019s update guide for the latest security patch.", "If the vulnerable version is in use, apply the vendor\u2019s latest patch as soon as it is released.", "In the meantime, limit network access to the Azure IoT Explorer component to trusted users and isolate it from untrusted networks."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Microsoft Azure IoT Explorer is the affected product. No specific version information is provided in the CVE entry, so all versions of the product should be reviewed for susceptibility.", "description_and_impact": "The vulnerability arises from missing authentication for a critical function in Azure IoT Explorer, allowing an unauthorized party to retrieve sensitive data. The primary impact is a confidentiality breach, as the attacker can read configuration or other protected information. The weakness corresponds to CWE-306 (Missing Authentication Related to Access Control) and CWE-319 (Cleartext Transmission of Sensitive Information).", "risk_and_exploitability": "The CVSS score of 7.5 indicates a High severity vulnerability. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers could exploit the flaw over the network by accessing the unprotected function, without needing local or elevated privileges."}}}}, "created": "2026-03-11T11:45:25.942345+00:00", "updated": "2026-03-20T14:34:08.926612+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_iot_explorer"]}