Microsoft Azure Devops — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Devops, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-29813 — CVSS 10.0 (critical): Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42826 — CVSS 10.0 (critical): Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a…
CVE-2025-47158 — CVSS 9.0 (critical): Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-23658 — CVSS 8.6 (high): Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.