Azure Windows Virtual Machine Agent Privilege Escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Azure Windows Virtual Machine Agent Privilege Escalation

CVE-2026-26117

Summary

The Azure Windows Virtual Machine Agent has a security issue that could allow an authorized user to gain higher levels of access to a machine they already have permission to access. This could lead to unauthorized actions on the system. Update the Azure Windows Virtual Machine Agent to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	arc_enabled_servers_azure_connected_machine_agent	> 1.0.0 , <= 1.61	–

Original title

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Original description

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-288 Authentication Bypass Using Alternate Path

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026