This vulnerability, tracked as CVE-2026-26138 and classified under CWE-918, involves Server-Side Request Forgery in Microsoft Purview. An attacker can leverage this SSRF flaw to elevate privileges within a network environment. The CVSS 3.1 vector indicates the attack can be performed remotely without privileges or user interaction, with high confidentiality impact but no integrity or availability impact. The vulnerability is officially published and a patch is available, though no specific patch links are provided in the data. No known exploits have been reported in the wild.

Successful exploitation of this SSRF vulnerability could allow an attacker to elevate privileges over the network, potentially leading to unauthorized access to sensitive information. The confidentiality impact is high, but integrity and availability are not affected according to the CVSS vector. No active exploitation has been observed so far.

A patch is available for this vulnerability and should be applied promptly to mitigate the risk. Since this is not a cloud service, organizations must ensure their Microsoft Purview installations are updated with the official fix from Microsoft. Patch status is confirmed as available, but no direct patch links are provided in the input data; consult Microsoft advisories for the official update.