CVE-2026-26135 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-26135 PUBLISHED CVSS 9.6 CRITICAL

Reported by microsoft · Published April 2, 2026

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

Risk Scores

CVSS v3.1

9.6

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Microsoft	Azure Custom Locations Resource Provider	-
Microsoft	Azure Custom Locations Resource Provider	-
microsoft	azure_custom_locations_resource_provider	-

Timeline

Apr 2, 2026 CVE Updated
Apr 2, 2026 CVE Published
Apr 3, 2026 Security Advisory
May 5, 2026 Security Advisory

References

Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability vendor-advisorypatch

Open in Interactive Console →