Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
AnalysisAI
Confidentiality breach in Azure AI Foundry M365 published agents enables remote unauthenticated attackers to access high-value data through improper access control (CWE-284). The vulnerability affects agents published through M365 integration, allowing privilege escalation over the network with no authentication required and low attack complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). Microsoft has released a vendor patch per MSRC advisory. No active exploitation confirmed by CISA KEV, and EPSS data not available at time of analysis.
Technical ContextAI
Azure AI Foundry is Microsoft's platform for building, deploying, and managing AI agents and applications. The vulnerability stems from improper access control (CWE-284) in the M365 published agents feature, which allows organizations to deploy AI agents within Microsoft 365 environments. The flaw occurs in the authorization layer that should validate whether requesters have legitimate permissions to interact with published agents. The CVSS vector indicates a Changed scope (S:C), meaning the vulnerable component (Azure AI Foundry) allows impact to resources beyond its security scope, suggesting the vulnerability may allow access to data or resources in connected M365 tenants or services. The CPE identifier cpe:2.3:a:microsoft:azure_ai_foundry indicates the vulnerability affects the Azure AI Foundry platform itself rather than specific agent implementations.
RemediationAI
Apply the vendor-released patch immediately for environments using Azure AI Foundry M365 published agents by following guidance in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35435. As Azure AI Foundry is a cloud service, Microsoft may deploy the fix automatically to the platform backend, but organizations should verify patch status through the Azure portal and confirm that published agents reflect the updated security controls. Until patching is confirmed complete, implement compensating controls by restricting network access to Azure AI Foundry M365 published agents through Azure Firewall or Network Security Groups to allow only trusted IP ranges or internal corporate networks, though this reduces functionality for legitimate remote users. Alternatively, temporarily unpublish affected M365 agents and transition to alternative deployment methods (Azure-only publishing without M365 integration) until the security update is verified, noting this will disrupt M365-based workflows. Review audit logs in Azure Monitor and M365 compliance center for any unauthorized access patterns to published agents during the vulnerable period, focusing on authentication events and data access from unexpected sources or geographic locations.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28454
GHSA-j3m5-fchj-4gfr