CVE-2026-35430
published 2026-05-22
CVE-2026-35430: Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a…
Priority P260 high 8.8 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.43% (34.1th percentile)
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_privileged_identity_management | — | — |
CVSS provenance
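| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |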
GHSA
GHSA-gq45-95jh-mxm7: Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove
ghsa_unreviewed·2026-05-26
CVE-2026-35430 [HIGH] CWE-639 GHSA-gq45-95jh-mxm7: Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
VulDB
Microsoft Azure Privileged Identity Management authorization
vuldb·2026-05-23
CVE-2026-35430 Microsoft Azure Privileged Identity Management authorization
A vulnerability classified as very critical was found in Microsoft Azure Privileged Identity Management. Affected by this vulnerability is an unknown functionality. Such manipulation leads to authorization bypass.
This vulnerability is listed as CVE-2026-35430. The attack may be performed from remote. There is no available exploit.
This product is a managed service, so users are unable to manage vulnerability countermeasures on their own.
CVEList
Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
cvelistv5·2026-05-22·CVSS 8.8
CVE-2026-35430 [HIGH] CWE-639 Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-22