Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description states an 'authorized attacker,' so PR:L rather than PR:N; network vector and low complexity retained, with total technical impact giving C/I/A:H.
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege elevation in Microsoft Azure Synapse Analytics allows a network-based, authorized attacker to bypass improper access controls and gain higher privileges than assigned. The flaw carries a critical 9.8 CVSS with full confidentiality, integrity, and availability impact, though its EPSS probability is modest (0.33%, 24th percentile) and CISA SSVC records no observed exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The description specifies an 'authorized attacker' elevating privileges over a network, so the concrete prerequisite is possession of an existing authorized/authenticated identity with network reachability to the Azure Synapse service - this directly contradicts the CVSS PR:N and indicates at least low-privilege authentication is required in practice. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are notably in tension and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker holding a low-privilege authorized identity within (or reachable to) an Azure Synapse workspace sends crafted requests over the network that exploit the missing authorization check, causing the service to grant actions beyond the attacker's assigned role. Leveraging the low attack complexity, the attacker escalates to a higher-privileged context and gains total control over the affected data and processing resources. … |
| Remediation | Because Azure Synapse is a Microsoft-managed cloud service, remediation is primarily service-side: Microsoft reports a patch is available per the Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26145), and customers should confirm their workspaces are running the updated service and apply any customer-actionable steps Microsoft specifies there. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Synapse Analytics deployments and classify by data sensitivity; alert affected teams that a critical patch is available. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Azure Synapse
View allSame weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41444
GHSA-g6fh-wh88-hxp9