What is CVE-2026-33117?

CVE-2026-33117 is a critical-severity vulnerability in Microsoft Azure Sdk For Java, classified under Improper Authentication. CVSS score: 9.1/10. Published 2026-05-12.

How severe is CVE-2026-33117?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Auth bypass in Microsoft Azure Sdk For Java

CVE-2026-33117

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable loca…

Vulnerability class: Broken Authentication

EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Microsoft Azure Sdk For Java — versions 1.0.0
Microsoft Azure_sdk_for_java

Weakness classification (CWE)

References

Azure SDK for Java Security Feature Bypass Vulnerability (vendor-advisory, patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-33117?: CVE-2026-33117 is a critical-severity vulnerability in Microsoft Azure Sdk For Java, classified under Improper Authentication. CVSS score: 9.1/10. Published 2026-05-12.
How severe is CVE-2026-33117?: Critical severity. CVSS v3 base score is 9.1 out of 10.