CVE-2026-26117: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Microsoft Arc Enabled Servers - Azure Connected Machine Agent
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
This vulnerability (CWE-288) in Azure Windows Virtual Machine Agent component of Microsoft Arc Enabled Servers allows an attacker with local authorized access to bypass authentication mechanisms by exploiting an alternate path or channel. This leads to privilege escalation on the affected system, potentially granting the attacker high-level control. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity and no user interaction required. The vulnerability affects version 1.0.0 of the Azure Connected Machine Agent. Microsoft has published a patch to remediate this issue.
Potential Impact
An authorized local attacker can bypass authentication controls and elevate privileges, potentially gaining full control over the affected system. This compromises confidentiality, integrity, and availability of the system and its data. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official Microsoft update for Azure Connected Machine Agent version 1.0.0 promptly to remediate the authentication bypass and privilege escalation risk.
CVE-2026-26117: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Microsoft Arc Enabled Servers - Azure Connected Machine Agent
Description
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-288) in Azure Windows Virtual Machine Agent component of Microsoft Arc Enabled Servers allows an attacker with local authorized access to bypass authentication mechanisms by exploiting an alternate path or channel. This leads to privilege escalation on the affected system, potentially granting the attacker high-level control. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity and no user interaction required. The vulnerability affects version 1.0.0 of the Azure Connected Machine Agent. Microsoft has published a patch to remediate this issue.
Potential Impact
An authorized local attacker can bypass authentication controls and elevate privileges, potentially gaining full control over the affected system. This compromises confidentiality, integrity, and availability of the system and its data. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available for this vulnerability. It is recommended to apply the official Microsoft update for Azure Connected Machine Agent version 1.0.0 promptly to remediate the authentication bypass and privilege escalation risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2026-02-11T15:52:13.911Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b05631ea502d3aa87d6b2c
Added to database: 3/10/2026, 5:34:41 PM
Last enriched: 4/18/2026, 2:15:50 PM
Last updated: 4/28/2026, 9:18:56 AM
Views: 104
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.