CVE-2026-32171
published 2026-04-14CVE-2026-32171: Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.44%
35.1th percentile
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_logic_apps | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Azure Logic Apps prior 1.35.9 insufficiently protected credentials
vuldb·2026-04-14·CVSS 8.8
CVE-2026-32171 [HIGH] Microsoft Azure Logic Apps prior 1.35.9 insufficiently protected credentials
A vulnerability was found in Microsoft Azure Logic Apps. It has been rated as critical. This affects an unknown function. The manipulation leads to insufficiently protected credentials.
This vulnerability is uniquely identified as CVE-2026-32171. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to install a patch to address this issue.
GHSA
GHSA-jw55-vf6x-jr62: Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
ghsa_unreviewed·2026-04-14
CVE-2026-32171 [HIGH] CWE-522 GHSA-jw55-vf6x-jr62: Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
blogs_bleepingcomputer·2026-04-14·CVSS 6.5
[MEDIUM] Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
## Lawrence Abrams
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.
The number of bugs in each vulnerability category is listed below:
93 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
20 Remote Code Execution Vulnerabilities
21 Information Disclosure Vulnerabilities
10 Denial of Service Vulnerabilities
9 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday . Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig
2026-04-14
Published