Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-47280: Azure Resource Manager Privilege Elevation over Network

CVE-2026-47280

Summary

Azure Resource Manager's authentication system is flawed, allowing unauthorized users to gain higher levels of access to Azure resources over the network. This is a significant risk because it could allow attackers to make changes to your Azure setup and access sensitive information. To protect yourself, ensure you're using the latest version of Azure Resource Manager and follow proper security best practices for authentication and access control.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
microsoft	azure_resource_manager	All versions `cpe:2.3:a:microsoft:azure_resource_manager:-:::::::*`

Original title

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

Original description

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

nvd CVSS3.1 10.0

Vulnerability type

CWE-287 Improper Authentication

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47280

Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026