Skip to main content

Azure Ai Bot Service

4 CVEs product

Monthly

CVE-2026-32174 HIGH PATCH NO ACTION Monitor

Privilege elevation in Microsoft's Azure (AI) Bot Service lets an authenticated, network-based attacker bypass improper authentication checks (CWE-287) to gain higher privileges than originally granted. Tracked as CVE-2026-32174 (CVSS 8.8) and reported by Microsoft, it affects the cloud-hosted Azure Bot Service and carries high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.37%, 29th percentile), and CISA SSVC currently scores exploitation as 'none.'

Authentication Bypass Microsoft Azure Ai Bot Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-55244 CRITICAL This Week

Azure Bot Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Azure Ai Bot Service
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-30392 CRITICAL Act Now

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-30389 HIGH This Week

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
CVSS 3.1
8.7
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH NO ACTION Monitor

Privilege elevation in Microsoft's Azure (AI) Bot Service lets an authenticated, network-based attacker bypass improper authentication checks (CWE-287) to gain higher privileges than originally granted. Tracked as CVE-2026-32174 (CVSS 8.8) and reported by Microsoft, it affects the cloud-hosted Azure Bot Service and carries high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.37%, 29th percentile), and CISA SSVC currently scores exploitation as 'none.'

Authentication Bypass Microsoft Azure Ai Bot Service
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL This Week

Azure Bot Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Azure Ai Bot Service
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy