HIGHCVE-2026-26117Published Modified CNA microsoft
CVE-2026-26117: Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 1.61
- Affected Products
- 1
Fix available
1.61
Affected packages
- Microsoft / Arc Enabled Servers - Azure Connected Machine Agent< 1.61 (from 1.0.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C