Skip to main content

Azure Synapse

2 CVEs product

Monthly

CVE-2026-26145 CRITICAL PATCH NEWS NO ACTION Monitor

Privilege elevation in Microsoft Azure Synapse Analytics allows a network-based, authorized attacker to bypass improper access controls and gain higher privileges than assigned. The flaw carries a critical 9.8 CVSS with full confidentiality, integrity, and availability impact, though its EPSS probability is modest (0.33%, 24th percentile) and CISA SSVC records no observed exploitation. No public exploit has been identified at time of analysis, and Microsoft has released a fix through its Security Update Guide.

Authentication Bypass Microsoft Azure Synapse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-48584 HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.50%), with CISA SSVC marking exploitation status as 'none.'

Privilege Escalation Microsoft Azure Synapse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
EPSS 0% CVSS 9.8
CRITICAL PATCH NO ACTION Monitor

Privilege elevation in Microsoft Azure Synapse Analytics allows a network-based, authorized attacker to bypass improper access controls and gain higher privileges than assigned. The flaw carries a critical 9.8 CVSS with full confidentiality, integrity, and availability impact, though its EPSS probability is modest (0.33%, 24th percentile) and CISA SSVC records no observed exploitation. No public exploit has been identified at time of analysis, and Microsoft has released a fix through its Security Update Guide.

Authentication Bypass Microsoft Azure Synapse
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.50%), with CISA SSVC marking exploitation status as 'none.'

Privilege Escalation Microsoft Azure Synapse
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy