Microsoft Azure Connected Machine Agent vulnerabilities

9 known vulnerabilities affecting microsoft/azure_connected_machine_agent.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH9

Vulnerabilities

Page 1 of 1
CVE-2026-21224HIGHCVSS 7.8fixed in 1.60≥ 1.0.0, < 1.60.03293.26802026-01-13
CVE-2026-21224 [HIGH] CWE-121 CVE-2026-21224: Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevat Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47989HIGHCVSS 7.0fixed in 1.572025-10-14
CVE-2025-47989 [HIGH] CWE-284 CVE-2025-47989: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-58724HIGHCVSS 7.8fixed in 1.572025-10-14
CVE-2025-58724 [HIGH] CWE-284 CVE-2025-58724: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-55316HIGHCVSS 7.8fixed in 1.56≥ 1.0.0, < 1.562025-09-09
CVE-2025-55316 [HIGH] CWE-73 CVE-2025-55316: External control of file name or path in Azure Arc allows an authorized attacker to elevate privileg External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49692HIGHCVSS 7.8fixed in 1.49≥ 1.0.0, < 1.492025-09-09
CVE-2025-49692 [HIGH] CWE-284 CVE-2025-49692: Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elev Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2024-38098HIGHCVSS 7.8fixed in 1.44≥ 1.0.0, < 1.442024-08-13
CVE-2024-38098 [HIGH] CWE-59 CVE-2024-38098: Azure Connected Machine Agent Elevation of Privilege Vulnerability Azure Connected Machine Agent Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2024-38162HIGHCVSS 7.8fixed in 1.44≥ 1.0.0, < 1.442024-08-13
CVE-2024-38162 [HIGH] CWE-284 CVE-2024-38162: Azure Connected Machine Agent Elevation of Privilege Vulnerability Azure Connected Machine Agent Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2024-21329HIGHCVSS 7.3fixed in 1.38≥ 1.0.0, < 1.382024-02-13
CVE-2024-21329 [HIGH] CWE-59 CVE-2024-21329: Azure Connected Machine Agent Elevation of Privilege Vulnerability Azure Connected Machine Agent Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2023-35624HIGHCVSS 7.3fixed in 1.37≥ 1.0.0, < 1.372023-12-12
CVE-2023-35624 [HIGH] CWE-59 CVE-2023-35624: Azure Connected Machine Agent Elevation of Privilege Vulnerability Azure Connected Machine Agent Elevation of Privilege Vulnerability
cvelistv5nvd