CVE-2026-33105

CWE-285CWE-863Incorrect Authorization4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.0%
top 87.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Azure Kubernetes Service
Timeline
PublishedApr 3

Description

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q5xq-rvph-wwgr: Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network2026-04-03
CVEList
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability2026-04-02

📋Vendor Advisories

1
Microsoft
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability2026-04-02
CVE-2026-33105 (CRITICAL CVSS 9.8) | Improper authorization in Microsoft | cvebase.io