Skip to main content

Azure AI Foundry CVE-2026-35435

| EUVDEUVD-2026-28454 HIGH
Improper Access Control (CWE-284)
2026-05-07 microsoft GHSA-j3m5-fchj-4gfr
8.6
CVSS 3.1 · NVD
Temporal: 7.5
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
7.5 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 22:03 vuln.today
CVE Published
May 07, 2026 - 20:58 nvd
HIGH 8.6

DescriptionCVE.org

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

AnalysisAI

Confidentiality breach in Azure AI Foundry M365 published agents enables remote unauthenticated attackers to access high-value data through improper access control (CWE-284). The vulnerability affects agents published through M365 integration, allowing privilege escalation over the network with no authentication required and low attack complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). Microsoft has released a vendor patch per MSRC advisory. No active exploitation confirmed by CISA KEV, and EPSS data not available at time of analysis.

Technical ContextAI

Azure AI Foundry is Microsoft's platform for building, deploying, and managing AI agents and applications. The vulnerability stems from improper access control (CWE-284) in the M365 published agents feature, which allows organizations to deploy AI agents within Microsoft 365 environments. The flaw occurs in the authorization layer that should validate whether requesters have legitimate permissions to interact with published agents. The CVSS vector indicates a Changed scope (S:C), meaning the vulnerable component (Azure AI Foundry) allows impact to resources beyond its security scope, suggesting the vulnerability may allow access to data or resources in connected M365 tenants or services. The CPE identifier cpe:2.3:a:microsoft:azure_ai_foundry indicates the vulnerability affects the Azure AI Foundry platform itself rather than specific agent implementations.

RemediationAI

Apply the vendor-released patch immediately for environments using Azure AI Foundry M365 published agents by following guidance in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35435. As Azure AI Foundry is a cloud service, Microsoft may deploy the fix automatically to the platform backend, but organizations should verify patch status through the Azure portal and confirm that published agents reflect the updated security controls. Until patching is confirmed complete, implement compensating controls by restricting network access to Azure AI Foundry M365 published agents through Azure Firewall or Network Security Groups to allow only trusted IP ranges or internal corporate networks, though this reduces functionality for legitimate remote users. Alternatively, temporarily unpublish affected M365 agents and transition to alternative deployment methods (Azure-only publishing without M365 integration) until the security update is verified, noting this will disrupt M365-based workflows. Review audit logs in Azure Monitor and M365 compliance center for any unauthorized access patterns to published agents during the vulnerable period, focusing on authentication events and data access from unexpected sources or geographic locations.

Share

CVE-2026-35435 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy