Azure Backup Aks Silent Patch
Source: olearysec.com
Published:
<p>In March 2026, I discovered a privilege escalation vulnerability in Azure Backup for AKS that allowed a user with only the “Backup Contributor” Azure role (zero Kubernetes permissions) to gain cluster-admin on any AKS cluster.</p> <p>CERT/CC validated this finding as VU#284781 on April 16, 2026.<