Azure Logic Apps
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42823 | Cri | 0.64 | 9.9 | 0.01 | May 12, 2026 | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-32171 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-21227 | 0.00 | — | 0.00 | Jan 22, 2026 | Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2023-36019 | 0.00 | — | 0.16 | Dec 12, 2023 | Microsoft Power Platform Connector Spoofing Vulnerability | |||
| CVE-2023-36052 | 0.00 | — | 0.22 | Nov 14, 2023 | Azure CLI REST Command Information Disclosure Vulnerability |
- risk 0.64cvss 9.9epss 0.01
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.8epss 0.00
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
- CVE-2026-21227Jan 22, 2026risk 0.00cvss —epss 0.00
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.
- CVE-2023-36019Dec 12, 2023risk 0.00cvss —epss 0.16
Microsoft Power Platform Connector Spoofing Vulnerability
- CVE-2023-36052Nov 14, 2023risk 0.00cvss —epss 0.22
Azure CLI REST Command Information Disclosure Vulnerability