CVE-2026-50338: Azure Spring Apps Elevation of Privilege Vulnerability

Overview

Severity
High (CVSS 8.2)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
Category
Elevation of Privilege
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.

Affected Products (1)

Azure

  • Azure Spring Apps

Security Updates (1)

Acknowledgments

<a href="https://www.johannes-moeller.dev/">Lukas Johannes Moeller</a>

Revision History

  • 2026-07-14: Information published.