{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26117", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T15:52:13.911Z", "datePublished": "2026-03-10T17:05:20.543Z", "dateUpdated": "2026-04-14T16:36:39.995Z"}, "containers": {"cna": {"title": "Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:arc_enabled_servers_azure_connected_machine_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.61"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Arc Enabled Servers - Azure Connected Machine Agent", "versions": [{"version": "1.0.0", "lessThan": "1.61", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en-US", "type": "CWE", "cweId": "CWE-288"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:39.995Z"}, "references": [{"name": "Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-26117"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T03:56:24.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26117", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T18:39:47.670257Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:39:48.729Z"}}], "cna": {"title": "Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Arc Enabled Servers - Azure Connected Machine Agent", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.61", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117", "name": "Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:arc_enabled_servers_azure_connected_machine_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.61", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:39.995Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26117", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:39.995Z", "dateReserved": "2026-02-11T15:52:13.911Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:20.543Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:arc_enabled_servers_azure_connected_machine_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "50898895-9E82-4377-BAA0-E74F5F332760", "versionEndExcluding": "1.61", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally."}, {"lang": "es", "value": "Omisi\u00f3n de autenticaci\u00f3n utilizando una ruta o canal alternativo en el Agente de M\u00e1quina Virtual de Azure Windows permite a un atacante autorizado elevar privilegios localmente."}], "id": "CVE-2026-26117", "lastModified": "2026-03-13T20:14:21.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:41.017", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0,1.61)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Arc Enabled Servers - Azure Connected Machine Agent", "source": "cna", "vendor": "Microsoft"}, "product": "arc_enabled_servers_azure_connected_machine_agent", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-16T23:15:07.946891+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft patch or upgrade to the current release of the Azure Connected Machine Agent. ", "If an immediate patch is unavailable, restrict or disable the alternate channel/path used by the agent to prevent authentication bypass. ", "Monitor agent logs for authentication attempts via non-standard paths and review network traffic for unusual agent activity. ", "Maintain up\u2011to\u2011date Microsoft advisories and follow any further vendor guidance for mitigation."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected vendor: Microsoft. Product: Arc Enabled Servers \u2013 Azure Connected Machine Agent. The CVE data does not list specific product versions or build numbers; the vulnerability is reported for the Azure Connected Machine Agent in general. Operators should verify whether their agent deployment falls under the scope of this advisory and consult Microsoft for version details.", "description_and_impact": "Key detail from vendor description: \"Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.\" The vulnerability is an improper authentication flaw (CWE-288) that permits an attacker who already has some level of access to bypass normal agent authentication and gain elevated local privileges. This could allow the attacker to execute arbitrary code with higher privileges on the affected host, potentially compromising system integrity and confidentiality.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity rating for local privilege escalation. The EPSS score of <1% reflects a low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local, requiring the attacker to reach the agent through its alternate communication channel or path; however, the exact conditions for exploitation are not detailed in the input. Inferred from the description, the attacker would need prior authenticated access or the ability to interact with the agent\u2019s alternate channel."}}}}, "created": "2026-03-11T11:45:13.355766+00:00", "updated": "2026-03-20T14:34:02.703448+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$arc_enabled_servers_azure_connected_machine_agent"]}