CVE-2026-47632: Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 8.8)
- CVSS Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2026-Jul
- Released
- 2026-07-14
Description
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.
Affected Products (1)
Azure
- Azure Monitor Agent Metrics Extension
Security Updates (2)
Acknowledgments
Gal Azaria with Microsoft
Revision History
- 2026-07-14: Information published.