Microsoft Azure Web Apps — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Web Apps, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-32211 — CVSS 9.1 (critical): Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
CVE-2024-38194 — CVSS 8.4 (high): An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.