Skip to main content

Azure Monitor Agent CVE-2026-47632

| EUVDEUVD-2026-43792 HIGH
Improper Certificate Validation (CWE-295)
2026-07-14 microsoft GHSA-hhxq-vhpq-pjf3
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
8.8 HIGH

Adjacent MITM position (AV:A) with no auth or interaction; improper cert validation grants full agent-context compromise, giving high C/I/A within an unchanged scope.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:39 vuln.today
CVE Published
Jul 14, 2026 - 17:05 nvd
HIGH 8.8

DescriptionCVE.org

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.

AnalysisAI

Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain foothold on adjacent subnet
Delivery
Intercept agent telemetry connection (MITM)
Exploit
Present forged certificate accepted by agent
Execution
Impersonate trusted endpoint
Persist
Inject malicious data into privileged agent
Impact
Elevate privileges on target host

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be on an adjacent network (AV:A) - the same local/broadcast segment or logical subnet as a host running the Azure Monitor Agent Metrics Extension - typically achieved by first compromising a neighboring VM or device; it cannot be performed from an arbitrary remote internet location. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8) indicates a low-complexity, unauthenticated attack with no user interaction but requiring adjacency - the attacker must be on the same local/adjacent network segment rather than reaching the target across the open internet, which meaningfully narrows the realistic attacker population. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already compromised a virtual machine or device on the same subnet as a target host running Azure Monitor Agent positions themselves as a man-in-the-middle and presents a forged or invalid certificate that the Metrics Extension fails to reject. The agent trusts the impersonated endpoint, allowing the attacker to inject malicious responses/data into the privileged agent process and elevate privileges on the target. …
Remediation Patch available per vendor advisory - apply the updated Azure Monitor Agent Metrics Extension released by Microsoft as tracked in the MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47632); the exact fixed version is not stated in the provided data, so obtain it from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all systems running Azure Monitor Agent Metrics Extension through deployment inventory and assess network segmentation to isolate monitor agents from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-47632 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy