8.8
Azure MCP Server allows authorized attackers to elevate network privileges
CVE-2026-26118
GHSA-hhfx-wfvq-7g9c
Summary
Azure MCP Server contains a server-side request forgery (SSRF) flaw that an authorized attacker can use to elevate privileges over a network and access or control other network resources, potentially leading to data breaches or unauthorized changes. This issue affects users who have access to Azure MCP Server and use it to manage network connections. To protect your network, update Azure MCP Server to a fixed version listed under "What to do" or restrict user access to prevent unauthorized use.
What to do
- Update azure.mcp to version 2.0.0-beta.17.
- Update azure.mcp to version 1.0.2.
- Update azure mcp to version 2.0.0-beta.17.
- Update msmcp-azure to version 2.0.0b17.
- Update azure mcp to version 1.0.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | azure.mcp | > 2.0.0-beta.1 , <= 2.0.0-beta.17 | 2.0.0-beta.17 |
| – | azure.mcp | > 1.0.0 , <= 1.0.2 | 1.0.2 |
| azure | mcp | > 2.0.0-beta.1 , <= 2.0.0-beta.17 | 2.0.0-beta.17 |
| – | msmcp-azure | > 2.0.0b14 , <= 2.0.0b17 | 2.0.0b17 |
| azure | mcp | > 1.0.0 , <= 1.0.2 | 1.0.2 |
| microsoft | azure_mcp_server | <= 2.0.0 | – |
| microsoft | azure_mcp_server | 2.0.0 | – |
Original title
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
Original description
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118
- https://nvd.nist.gov/vuln/detail/CVE-2026-26118
- https://github.com/microsoft/mcp/commit/804ff60293206c4d8e832f772097238561bf2c34
- https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-1.0.2
- https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-2.0.0-beta.17
- https://github.com/advisories/GHSA-hhfx-wfvq-7g9c
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026