Microsoft Azure Resource Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Resource Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-42822 — CVSS 10.0 (critical): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47280 — CVSS 10.0 (critical): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-24304 — CVSS 9.9 (critical): Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.