Azure Arc
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24302 | Hig | 0.56 | 8.6 | 0.02 | Feb 5, 2026 | Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-55316 | 0.00 | — | 0.00 | Sep 9, 2025 | External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-26627 | 0.00 | — | 0.01 | Mar 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | |||
| CVE-2022-38007 | 0.00 | — | 0.01 | Sep 13, 2022 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | |||
| CVE-2019-0804 | 0.00 | — | 0.05 | Apr 9, 2019 | An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. |
- risk 0.56cvss 8.6epss 0.02
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-55316Sep 9, 2025risk 0.00cvss —epss 0.00
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
- CVE-2025-26627Mar 11, 2025risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
- CVE-2022-38007Sep 13, 2022risk 0.00cvss —epss 0.01
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
- CVE-2019-0804Apr 9, 2019risk 0.00cvss —epss 0.05
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.