Microsoft Azure Connected Machine Agent
8 CVEs affecting Microsoft Azure Connected Machine Agent. Latest disclosed: 2026-05-12. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40381 | High | 7.8 | 2026-05-12 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2026-21224 | High | 7.8 | 2026-01-13 | Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2025-49692 | High | 7.8 | 2025-09-09 | Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2025-55316 | High | 7.8 | 2025-09-09 | External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. |
CVE-2024-38162 | High | 7.8 | 2024-08-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-38098 | High | 7.8 | 2024-08-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-21329 | High | 7.3 | 2024-02-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2023-35624 | High | 7.3 | 2023-12-12 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |