Azure Iot Explorer
CVE-2026-26121
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
AnalysisAI
Azure IoT Explorer is vulnerable to server-side request forgery that enables unauthenticated network-based attackers to perform spoofing attacks and access sensitive information. The vulnerability requires no user interaction and can be exploited remotely with low attack complexity, affecting the confidentiality of exposed data. No patch is currently available.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Azure Iot Explorer
View allAzure IoT Explorer fails to properly restrict communication to intended endpoints, enabling unauthenticated attackers to
Azure IoT Explorer fails to enforce authentication on a critical function, enabling unauthenticated network attackers to
Sensitive data transmission over cleartext in Azure IoT Explorer enables network-based attackers to intercept and disclo
Azure IoT Explorer binds to unrestricted IP addresses, enabling unauthenticated remote attackers to intercept and disclo
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today