May 2026: Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2026-40381 Published on May 12, 2026
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-40381 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-40381
Want to know whenever a new CVE is published for Microsoft Azure Connected Machine Agent? stack.watch will email you.
Affected Versions
Microsoft Azure Connected Machine Agent:- Version 1.0.0 and below 1.63 is affected.