Skip to main content

Azure Monitor Agent Metrics Extension

1 CVEs product

Monthly

CVE-2026-47632 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. Microsoft rates it CVSS 8.8; there is currently no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Azure Monitor Agent Metrics Extension
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. Microsoft rates it CVSS 8.8; there is currently no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Microsoft Azure Monitor Agent Metrics Extension
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy