{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32192", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.427Z", "datePublished": "2026-04-14T16:57:35.447Z", "dateUpdated": "2026-05-12T17:38:31.713Z"}, "containers": {"cna": {"title": "Azure Monitor Agent Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.41.0"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"version": "1.0.0", "lessThan": "1.41.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-502: Deserialization of Untrusted Data", "lang": "en-US", "type": "CWE", "cweId": "CWE-502"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:31.713Z"}, "references": [{"name": "Azure Monitor Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32192"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:55:44.366Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32192", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T19:32:23.471367Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:32:29.918Z"}}], "cna": {"title": "Azure Monitor Agent Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.41.0", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192", "name": "Azure Monitor Agent Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.41.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:31.713Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32192", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:31.713Z", "dateReserved": "2026-03-11T00:26:53.427Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:35.447Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B40C5C-488F-40F3-A0CA-A455A020827F", "versionEndExcluding": "1.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32192", "lastModified": "2026-05-07T02:31:22.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:25.723", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.41.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Azure Monitor", "source": "cna", "vendor": "Microsoft"}, "product": "azure_monitor", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "azure_monitor_agent", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:01:05.394880+00:00", "value": {"mitigation_remediation": ["Apply the latest Azure Monitor Agent update from Microsoft"], "summary": {"action": "Immediate Patch", "impact": "Elevation of Privilege"}, "threat_synthesis": {"affected_systems": "Microsoft Azure Monitor Agent is affected. Specific version ranges have not been disclosed in the available data.", "description_and_impact": "The vulnerability involves deserialization of untrusted data in Azure Monitor Agent. A user with authorized local access could exploit this flaw to elevate privileges on the affected machine. The weakness is identified as data deserialization vulnerability (CWE-502).", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity impact, and although the EPSS score is not available, the vulnerability is not listed in the CISA KEV catalog. The attack requires local authorization and involves processing of untrusted data, suggesting that a privileged or temporarily authorized user could misuse the flaw to gain higher privileges. The risk remains significant until a vendor patch is applied."}}}}, "created": "2026-04-15T14:31:56.922414+00:00", "updated": "2026-04-15T15:00:06.179278+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_monitor", "microsoft$PRODUCT$azure_monitor_agent"]}