Microsoft Arc Enabled Servers - Azure Connected Machine Agent vulnerabilities
3 known vulnerabilities affecting microsoft/arc_enabled_servers_-_azure_connected_machine_agent.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2026-26117HIGHCVSS 7.8≥ 1.0.0, < 1.612026-03-10
CVE-2026-26117 [HIGH] CWE-288 CVE-2026-26117: Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allo
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47989HIGHCVSS 7.0≥ 1.0.0, < 1.572025-10-14
CVE-2025-47989 [HIGH] CWE-284 CVE-2025-47989: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-58724HIGHCVSS 7.8≥ 1.0.0, < 1.572025-10-14
CVE-2025-58724 [HIGH] CWE-284 CVE-2025-58724: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
cvelistv5nvd