Azure Functions
by Microsoft
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38204 | 0.01 | — | 0.07 | Oct 15, 2024 | Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-21532 | 0.00 | — | 0.00 | Feb 5, 2026 | Azure Function Information Disclosure Vulnerability | |||
| CVE-2025-33074 | 0.00 | — | 0.00 | Apr 30, 2025 | Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. | |||
| CVE-2024-49052 | 0.00 | — | 0.02 | Nov 26, 2024 | Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2023-36052 | 0.00 | — | 0.00 | Nov 14, 2023 | Azure CLI REST Command Information Disclosure Vulnerability | |||
| CVE-2020-16904 | 0.00 | — | 0.02 | Oct 16, 2020 | An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses… |
- CVE-2024-38204Oct 15, 2024risk 0.01cvss —epss 0.07
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
- CVE-2026-21532Feb 5, 2026risk 0.00cvss —epss 0.00
Azure Function Information Disclosure Vulnerability
- CVE-2025-33074Apr 30, 2025risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
- CVE-2024-49052Nov 26, 2024risk 0.00cvss —epss 0.02
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
- CVE-2023-36052Nov 14, 2023risk 0.00cvss —epss 0.00
Azure CLI REST Command Information Disclosure Vulnerability
- CVE-2020-16904Oct 16, 2020risk 0.00cvss —epss 0.02
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses…