Microsoft Azure Connected Machine Agent — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Connected Machine Agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-40381 — CVSS 7.8 (high): Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-55316 — CVSS 7.8 (high): External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2025-58724 — CVSS 7.8 (high): Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-21224 — CVSS 7.8 (high): Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-49692 — CVSS 7.8 (high): Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.