CVE-2026-32168: Azure Monitor Agent Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2026-Apr

Released

2026-04-14

Description

Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

FAQ

What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited the vulnerability could elevate their privileges to 'root' user. How could an attacker exploit this vulnerability? An attacker with the ability to run code as the syslog user on an affected Azure Linux Virtual Machine could modify specific configuration files used by the Azure Monitor agent. The agent processes these files with root‑level permissions and does not properly validate their contents, a malicious modification could cause the agent to execute unintended commands with elevated privileges. If exploited, the attacker could gain root access on the affected VM.

Affected Products (1)

Azure

• Azure Monitor Agent

Security Updates (1)

• Release Notes

Acknowledgments

P1hcn

Revision History

• 2026-04-14: Information published.