wid-sec-w-2026-0655 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Microsoft Azure Komponenten: Multiple Vulnerabilities

CVSS 8.8 HIGH

Risk Summary

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVEs (13)

CVE-2026-23651 CVE-2026-23660 CVE-2026-23661 CVE-2026-23662 CVE-2026-23664 CVE-2026-23665 CVE-2026-26117 CVE-2026-26118 CVE-2026-26121 CVE-2026-26122 CVE-2026-26124 CVE-2026-26141 CVE-2026-26148

Affected Vendors

Microsoft

Affected Products (7)

Microsoft · Azure Arc Enabled Servers-Connected Machine Agent

Microsoft · Azure IoT Explorer

Microsoft · Azure MCP Server Tools

Microsoft · Azure AD SSH Login extension for Linux

Microsoft · Azure Linux Virtual Machines with Azure Diagnostics extension

Microsoft · Windows Azure Automation Hybrid Worker Extension

Microsoft · Windows Admin Center in Azure Portal

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more