Arc Enabled Servers Azure Connected Machine Agent
CVE-2026-26117
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
AnalysisAI
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Technical ContextAI
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today