{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32168", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-10T23:09:43.266Z", "datePublished": "2026-04-14T16:57:30.819Z", "dateUpdated": "2026-05-12T17:38:27.795Z"}, "containers": {"cna": {"title": "Azure Monitor Agent Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.35.9"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"version": "1.0.0", "lessThan": "1.35.9", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:27.795Z"}, "references": [{"name": "Azure Monitor Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32168"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:55:47.206Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32168", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T18:39:36.806064Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:39:39.077Z"}}], "cna": {"title": "Azure Monitor Agent Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.35.9", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168", "name": "Azure Monitor Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.35.9", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:27.795Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32168", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:27.795Z", "dateReserved": "2026-03-10T23:09:43.266Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:30.819Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B8A1C65-34F4-429E-8DBF-FA336DA2D90E", "versionEndExcluding": "1.35.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32168", "lastModified": "2026-05-06T18:21:58.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:19.687", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.35.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Azure Monitor", "source": "cna", "vendor": "Microsoft"}, "product": "azure_monitor", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "azure_monitor_agent", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:03:45.170781+00:00", "value": {"mitigation_remediation": ["Apply Microsoft\u2019s latest Azure Monitor Agent update; verify all agents are patched to the latest version; restrict write access to the agent\u2019s configuration files to authorized users only; monitor audit logs for unusual privilege changes; consider running the agent with the least privilege privileges."], "summary": {"action": "Patch Immediately", "impact": "Local privilege escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Azure Monitor Agent is the affected product. The specific agent version list is not detailed in the supplied data. Any installation of Azure Monitor Agent that has not been patched to the latest release could be vulnerable.", "description_and_impact": "This vulnerability arises from improper input validation in Azure Monitor Agent that permits an attacker with authorized local access to elevate privileges. By supplying specially crafted input, the attacker can gain elevated rights on the affected system, allowing full compromise of that machine. The weakness maps to CWE\u201120, indicating that lack of validation can be used to bypass security boundaries.", "risk_and_exploitability": "The CVSS v3.1 score of 7.8 classifies this flaw as High severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. Exploitation requires that the attacker already has a foothold and is authorized to submit data to the agent. Once the input is accepted, the privilege escalation can occur with relatively minimal effort, leading to potential full system compromise. Because the attack vector is local, the risk is confined to systems where the agent is installed and the attacker can craft input."}}}}, "created": "2026-04-15T14:31:56.923614+00:00", "updated": "2026-04-15T15:00:06.181766+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_monitor", "microsoft$PRODUCT$azure_monitor_agent"]}