Critical severity9.8NVD Advisory· Published Sep 11, 2019· Updated Jun 17, 2026
CVE-2019-1306
CVE-2019-1306
Description
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Affected products
5(expand)+ 1 more
- (no CPE)
- (no CPE)range: Update 3.2
2019.0.1+ 1 more
- (no CPE)range: 2019.0.1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.