ThreatCluster

Multiple Elevation of Privilege Vulnerabilities in Azure Arc and Linux VMs

First seen 10 Mar 2026, 17:28 UTC Api.Msrc.Microsoft 74% similarity 71

Article Content

Browse articles
ThreatCluster

Three critical elevation of privilege vulnerabilities have been identified in Azure services, affecting both Windows and Linux virtual machines. CVE-2026-26141 and CVE-2026-26117 involve improper authentication and authentication bypass in Azure Arc-enabled Windows VMs, while CVE-2026-23665 pertains to a heap-based buffer overflow in Azure Linux VMs, all allowing authorized attackers to elevate privileges locally.

ThreatCluster AI

Timeline

2026-03-10
CVE-2026-26117 published
2026-03-10
CVE-2026-26141 published
2026-03-10
CVE-2026-23665 published

Community

Browse all →