Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable service requiring valid low-privilege authorization (PR:L) and no user interaction; SSRF-to-privilege-escalation yields total confidentiality, integrity, and availability impact.
Primary rating from Vendor (microsoft).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionNVD
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege elevation in Microsoft's Azure OpenAI service allows an authorized (low-privileged) attacker to abuse a server-side request forgery flaw (CWE-918) to force the service backend to issue attacker-controlled network requests, resulting in high confidentiality, integrity, and availability impact. The flaw carries CVSS 8.8 and requires only low privileges over the network with no user interaction, but currently shows no public exploit identified at time of analysis and a modest EPSS of 0.62%. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already possess valid low-privilege authorization to the Azure OpenAI service (CVSS PR:L - this is an 'authorized attacker' per the description), reachable over the network with no user interaction and low attack complexity. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already holds low-privilege authorized access to an Azure OpenAI resource submits a crafted request causing the service backend to fetch an attacker-specified internal URL (for example a cloud metadata or internal control-plane endpoint). The backend response leaks credentials or tokens that the attacker uses to elevate privileges beyond their original scope. … |
| Remediation | Patch available per vendor advisory: Microsoft reports a fix is available and, as Azure OpenAI is a hosted service, the remediation is applied server-side by Microsoft with no customer action required to receive the fix - review the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45499 to confirm applicability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Azure OpenAI deployments in use and review recent authentication logs for suspicious API activity or anomalous requests. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41443
GHSA-f7gx-8wv8-8wm9