Microsoft Arc Enabled Servers - Azure Connected Machine Agent
3 CVEs affecting Microsoft Arc Enabled Servers - Azure Connected Machine Agent. Latest disclosed: 2026-03-10. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26117 | High | 7.8 | 2026-03-10 | Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2025-58724 | High | 7.8 | 2025-10-14 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2025-47989 | High | 7.0 | 2025-10-14 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |