Azure Devops
by Microsoft
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42826 | Cri | 0.65 | 10.0 | 0.01 | May 7, 2026 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-23658 | Hig | 0.56 | 8.6 | 0.01 | Mar 19, 2026 | Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2019-1306 | 0.02 | — | 0.16 | Sep 11, 2019 | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | |||
| CVE-2019-1072 | 0.02 | — | 0.12 | Jul 15, 2019 | A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | |||
| CVE-2023-21564 | 0.01 | — | 0.01 | Feb 14, 2023 | Azure DevOps Server Cross-Site Scripting Vulnerability | |||
| CVE-2021-27067 | 0.01 | — | 0.03 | Apr 13, 2021 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | |||
| CVE-2019-0971 | 0.01 | — | 0.08 | May 16, 2019 | An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure… | |||
| CVE-2019-0857 | 0.01 | — | 0.04 | Apr 9, 2019 | A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. | |||
| CVE-2026-21512 | 0.00 | — | 0.01 | Feb 10, 2026 | Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2025-47158 | 0.00 | — | 0.01 | Jul 18, 2025 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-29813 | 0.00 | — | 0.02 | May 8, 2025 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2024-35267 | 0.00 | — | 0.02 | Jul 9, 2024 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2024-35266 | 0.00 | — | 0.02 | Jul 9, 2024 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2024-20667 | 0.00 | — | 0.01 | Feb 13, 2024 | Azure DevOps Server Remote Code Execution Vulnerability | |||
| CVE-2023-21751 | 0.00 | — | 0.01 | Dec 13, 2023 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2023-36437 | 0.00 | — | 0.02 | Nov 14, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | |||
| CVE-2023-36561 | 0.00 | — | 0.01 | Oct 10, 2023 | Azure DevOps Server Elevation of Privilege Vulnerability | |||
| CVE-2023-38155 | 0.00 | — | 0.01 | Sep 12, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | |||
| CVE-2023-33136 | 0.00 | — | 0.02 | Sep 12, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | |||
| CVE-2023-36869 | 0.00 | — | 0.01 | Aug 8, 2023 | Azure DevOps Server Spoofing Vulnerability |
- risk 0.65cvss 10.0epss 0.01
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
- risk 0.56cvss 8.6epss 0.01
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
- CVE-2019-1306Sep 11, 2019risk 0.02cvss —epss 0.16
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
- CVE-2019-1072Jul 15, 2019risk 0.02cvss —epss 0.12
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
- CVE-2023-21564Feb 14, 2023risk 0.01cvss —epss 0.01
Azure DevOps Server Cross-Site Scripting Vulnerability
- CVE-2021-27067Apr 13, 2021risk 0.01cvss —epss 0.03
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
- CVE-2019-0971May 16, 2019risk 0.01cvss —epss 0.08
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure…
- CVE-2019-0857Apr 9, 2019risk 0.01cvss —epss 0.04
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.
- CVE-2026-21512Feb 10, 2026risk 0.00cvss —epss 0.01
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
- CVE-2025-47158Jul 18, 2025risk 0.00cvss —epss 0.01
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-29813May 8, 2025risk 0.00cvss —epss 0.02
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
- CVE-2024-35267Jul 9, 2024risk 0.00cvss —epss 0.02
Azure DevOps Server Spoofing Vulnerability
- CVE-2024-35266Jul 9, 2024risk 0.00cvss —epss 0.02
Azure DevOps Server Spoofing Vulnerability
- CVE-2024-20667Feb 13, 2024risk 0.00cvss —epss 0.01
Azure DevOps Server Remote Code Execution Vulnerability
- CVE-2023-21751Dec 13, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Spoofing Vulnerability
- CVE-2023-36437Nov 14, 2023risk 0.00cvss —epss 0.02
Azure DevOps Server Remote Code Execution Vulnerability
- CVE-2023-36561Oct 10, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Elevation of Privilege Vulnerability
- CVE-2023-38155Sep 12, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Remote Code Execution Vulnerability
- CVE-2023-33136Sep 12, 2023risk 0.00cvss —epss 0.02
Azure DevOps Server Remote Code Execution Vulnerability
- CVE-2023-36869Aug 8, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Spoofing Vulnerability
Page 1 of 3