{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24306", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-01-21T21:28:02.969Z", "datePublished": "2026-01-22T22:47:34.942Z", "dateUpdated": "2026-04-01T13:49:23.912Z"}, "containers": {"cna": {"title": "Azure Front Door Elevation of Privilege Vulnerability", "datePublic": "2026-01-22T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_front_door:*:*:*:*:*:*:*:*", "versionStartIncluding": "-"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Front Door", "versions": [{"version": "-", "status": "affected"}]}], "descriptions": [{"value": "Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-284: Improper Access Control", "lang": "en-US", "type": "CWE", "cweId": "CWE-284"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:23.912Z"}, "references": [{"name": "Azure Front Door Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24306"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}], "tags": ["exclusively-hosted-service"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:21.353118Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:30.329Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:21.353118Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T20:06:59.973Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "title": "Azure Front Door Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Front Door", "versions": [{"status": "affected", "version": "-"}]}], "datePublic": "2026-01-22T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24306", "name": "Azure Front Door Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_front_door:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "-"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:49:23.912Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24306", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:49:23.912Z", "dateReserved": "2026-01-21T21:28:02.969Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-22T22:47:34.942Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_front_door:-:*:*:*:*:*:*:*", "matchCriteriaId": "F66AE777-ECFA-4FD1-A6B5-AD9E8181020A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "secure@microsoft.com", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network."}], "id": "CVE-2026-24306", "lastModified": "2026-02-27T13:44:45.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-22T23:15:58.837", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24306"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T01:56:15.041369+00:00", "value": {"mitigation_remediation": ["Apply the latest Azure Front Door security patch as outlined in Microsoft's update guide", "Restrict network access to Azure Front Door management endpoints using firewall rules or network security groups to limit exposure to trusted IP ranges", "Continuously monitor Azure Front Door logs and alerts for suspicious activity that may indicate exploitation attempts"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Azure Front Door is affected. No specific version details are provided, implying that all current Azure Front Door deployments that have not applied the latest security update are vulnerable.", "description_and_impact": "Improper access control in Azure Front Door enables an unauthorized attacker to elevate privileges over a network. This can allow an attacker to gain higher permissions within Azure Front Door, potentially compromising resources protected by the service. The weakness is identified as CWE-284, improper authorization.", "risk_and_exploitability": "The CVSS score of 9.8 signals a severe risk, while the EPSS score of less than 1% indicates that exploitation is expected to be uncommon at this time. The vulnerability is not yet listed in the CISA KEV catalog. Based on the description, the attacker would need network access to an Azure Front Door instance and would exploit a control plane access control flaw; the exact exploitation steps are not detailed but are inferred to involve remote network access."}}}}, "created": "2026-04-16T02:00:12.338115+00:00", "updated": "2026-04-16T02:00:12.338126+00:00", "vendors": []}