Skip to main content

Azure Open Ai

1 CVEs product

Monthly

CVE-2026-45499 HIGH PATCH NEWS NO ACTION HOSTED Monitor

Privilege elevation in Microsoft's Azure OpenAI service allows an authorized (low-privileged) attacker to abuse a server-side request forgery flaw (CWE-918) to force the service backend to issue attacker-controlled network requests, resulting in high confidentiality, integrity, and availability impact. The flaw carries CVSS 8.8 and requires only low privileges over the network with no user interaction, but currently shows no public exploit identified at time of analysis and a modest EPSS of 0.62%. Because Azure OpenAI is a Microsoft-hosted cloud service, remediation is delivered server-side by the vendor rather than requiring customer patching.

SSRF Microsoft Azure Open Ai
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH PATCH NO ACTION HOSTED Monitor

Privilege elevation in Microsoft's Azure OpenAI service allows an authorized (low-privileged) attacker to abuse a server-side request forgery flaw (CWE-918) to force the service backend to issue attacker-controlled network requests, resulting in high confidentiality, integrity, and availability impact. The flaw carries CVSS 8.8 and requires only low privileges over the network with no user interaction, but currently shows no public exploit identified at time of analysis and a modest EPSS of 0.62%. Because Azure OpenAI is a Microsoft-hosted cloud service, remediation is delivered server-side by the vendor rather than requiring customer patching.

SSRF Microsoft Azure Open Ai
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy