CVE-2026-42823
published 2026-05-12CVE-2026-42823: Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
PriorityP262critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.60%
44.3th percentile
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_logic_apps | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Azure Logic Apps 1.35.9 access control
vuldb·2026-05-12
CVE-2026-42823 [CRITICAL] Microsoft Azure Logic Apps 1.35.9 access control
A vulnerability identified as critical has been detected in Microsoft Azure Logic Apps 1.35.9. Impacted is an unknown function. Performing a manipulation results in improper access controls.
This vulnerability is known as CVE-2026-42823. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to install a patch to address this issue.
GHSA
GHSA-73g5-7fvx-cpr5: Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
ghsa_unreviewed·2026-05-12
CVE-2026-42823 [CRITICAL] CWE-284 GHSA-73g5-7fvx-cpr5: Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
Rapid7
Patch Tuesday - May 2026
blogs_rapid7·2026-05-13·CVSS 10.0
CVE-2026-41089 [CRITICAL] Patch Tuesday - May 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089 , which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges
Hackernews
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
blogs_hackernews·2026-05-13·CVSS 9.8
CVE-2025-54518 [CRITICAL] Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack.
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by 32 remote code execution, 15 information disclosure, 14 spoofing, eight denial-of-service, six security feature bypass, and two tampering flaws.
The update li
Sans Isc
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
blogs_sans_isc·2026-05-12·CVSS 4.3
CVE-2026-41103 [MEDIUM] Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Microsoft May 2026 Patch Tuesday
Published: 2026-05-12. Last Updated: 2026-05-12 18:29:36 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
There are no already disclosed or already exploited vulnerabilities included in today's patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable.
Note that issues related to Microsoft Azure are labeled as "no customer action required.
Significant Vulnerabilities of interest:
CVE-2026-41103: This vulnerability affects the Microsoft SSO Plugin for Jira & Confluence. Exploitation could lead to an elevation of privileges. Wit
2026-05-12
Published