Skip to main content

Azure CVE-2026-23661

HIGH
Cleartext Transmission of Sensitive Information (CWE-319)
2026-03-10 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Mar 12, 2026 - 19:31 nvd
Patch available
CVE Published
Mar 10, 2026 - 18:18 nvd
HIGH 7.5

DescriptionCVE.org

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Sensitive data transmission over cleartext in Azure IoT Explorer enables network-based attackers to intercept and disclose confidential information without authentication. This vulnerability affects Azure IoT deployments and could expose device credentials, configuration details, or other sensitive metadata to passive network observers. A patch is available to remediate the cleartext transmission issue.

Technical ContextAI

Classified as CWE-319 (Cleartext Transmission of Sensitive Information). Affects Azure Iot Explorer. Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More in Azure

View all
CVE-2026-23889 MEDIUM POC
6.5 Jan 26

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package dire

CVE-2026-31957 CRITICAL
10.0 Mar 11

Default password in Himmelblau Azure Entra ID suite 3.0.0-3.0.x. CVSS 10.0.

CVE-2025-20286 CRITICAL
9.9 Jun 04

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

CVE-2026-24304 CRITICAL
9.9 Jan 23

Azure Resource Manager has a CVSS 9.9 access control vulnerability allowing authorized users to escalate privileges acro

CVE-2026-21531 CRITICAL
9.8 Feb 10

Deserialization of untrusted data in Azure SDK allows unauthorized code execution over a network. EPSS 0.32%.

CVE-2026-24300 CRITICAL
9.8 Feb 05

Elevation of privilege vulnerability in Azure Front Door allows attackers to gain elevated access. Microsoft Azure cloud

CVE-2026-24306 CRITICAL
9.8 Jan 22

Azure Front Door has an improper access control vulnerability (CVSS 9.8) allowing unauthorized attackers to elevate priv

CVE-2026-3224 CRITICAL
9.8 Mar 03

Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.

CVE-2026-23518 CRITICAL
9.8 Jan 21

Fleet device management software has a signature verification bypass that allows attackers to install malicious firmware

CVE-2026-24305 CRITICAL
9.3 Jan 22

Azure Entra ID (formerly Azure AD) has an elevation of privilege vulnerability allowing attackers to escalate permission

CVE-2026-21227 HIGH
8.2 Jan 22

Privilege escalation in Azure Logic Apps results from improper path validation, enabling remote attackers to gain elevat

CVE-2026-21532 HIGH
8.2 Feb 05

Azure Function Information Disclosure Vulnerability [CVSS 8.2 HIGH]

Share

CVE-2026-23661 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy