CVE-2026-21515 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-21515 PUBLISHED CVSS 9.9 CRITICAL

Reported by microsoft · Published April 24, 2026

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Risk Scores

CVSS v3.1

9.9

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Microsoft	Azure IOT Central	-
Microsoft	Azure IOT Central	-
microsoft	azure_iot_central	*

Timeline

Apr 14, 2026 CVE Published
Apr 24, 2026 Security Advisory
May 5, 2026 Security Advisory
May 12, 2026 CVE Updated

References

Azure IoT Central Elevation of Privilege Vulnerability vendor-advisorypatch

Open in Interactive Console →