Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable service abused by an existing low-privileged workspace user (PR:L) with no interaction; privilege escalation yields full confidentiality, integrity, and availability impact within an unchanged scope.
Primary rating from Vendor (microsoft).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionNVD
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already be an authorized, low-privileged principal within an Azure Synapse workspace/tenant (CVSS PR:L) - this is not anonymous remote access. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed but lean toward 'real-but-not-urgent.' The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 8.8) indicates a network-reachable, low-complexity attack requiring some existing privileges and no user interaction, with total impact to the affected scope - consistent with SSVC's 'Technical Impact: total.' However, SSVC also reports 'Exploitation: none' and 'Automatable: no,' and EPSS is only 0.50% (39th percentile), so there is no evidence of active or imminent mass exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already holds a low-privileged account in an Azure Synapse workspace (for example a data engineer or pipeline user) sends crafted requests to an over-privileged Synapse component, causing it to perform actions under elevated privileges and granting the attacker control over data, pipelines, or configurations they should not be able to access. No user interaction or social engineering is required, but the attacker must first possess valid limited credentials in the tenant. … |
| Remediation | Patch available per vendor advisory: Microsoft reports a fix is available, and because Azure Synapse is a Microsoft-managed cloud service the correction is typically deployed server-side by Microsoft rather than installed by customers - review the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48584 to confirm whether any customer-side action (e.g., updating self-hosted integration runtimes, Spark/SQL pool runtime versions, or workspace configurations) is required for full mitigation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all Azure Synapse deployments in use and note their current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Azure Synapse
View allSame weakness CWE-250 – Execution with Unnecessary Privileges
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38088
GHSA-wgqw-grm5-9368