Microsoft Azure Kubernetes Service Unauthorized Privilege Escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

10.0

Microsoft Azure Kubernetes Service Unauthorized Privilege Escalation

CVE-2026-33105

Summary

An attacker can access and control Azure Kubernetes Service resources without permission, potentially leading to unauthorized changes or data breaches. This affects organizations that use Azure Kubernetes Service. To mitigate, ensure that access controls and permissions are properly configured and regularly reviewed.

Original title

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Original description

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

nvd CVSS3.1 10.0

Vulnerability type

CWE-285 Improper Authorization

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026