Azure MCP Server Exposes Critical Data to Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.1

Azure MCP Server Exposes Critical Data to Unauthorized Access

CVE-2026-32211

Summary

A mistake in Azure MCP Server's authentication process makes it possible for unauthorized users to access sensitive information over the network. This means that an attacker could potentially see confidential data they're not supposed to have access to. To protect your data, make sure you have the latest updates installed and follow best practices for authentication and authorization in your Azure MCP Server setup.

Original title

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

Original description

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

nvd CVSS3.1 9.1

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32211

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026