CVE-2026-45476: Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1: 8.2
- Severity: HIGH
- Fixed in: 7.1
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the Microsoft MANA (Azure Network Adapter) Linux kernel driver allows a locally authenticated attacker with administrative privileges to escalate their privileges further on the affected host. The vulnerability is reached locally, requires no network exposure, and demands a high-privilege account to trigger. Successful exploitation gives the attacker full control over the confidentiality, integrity, and availability of the system, and lets them break out of the current security scope into other affected components. A patched-image rebuild at version 7.1 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-45476 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using feeds from upstream sources including Microsoft and NVD. Coverage extends to custom-built images that bundle the Linux MANA driver, not just base images pulled from public registries.
HarborGuard is capable of scoring this finding at CVSS 8.2 HIGH and weighting it further against each customer environment's compliance policy, for example prioritizing Azure-hosted workloads where the MANA driver is more likely to be present and active. Routed findings land in the inbox configured for each customer org, whether that is a security team queue, a platform team channel, or a ticketing integration.
A patched-image rebuild pinned to version 7.1 of the Microsoft MANA Network Driver becomes available on HarborGuard once the upstream fix is confirmed against scanned images. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network path to the vulnerable component is required.
- Authentication: Required
An admin or otherwise privileged account is required to trigger the use-after-free condition in the MANA driver.
- Victim interaction: Not required
No user interaction is needed; the attacker can trigger the vulnerability entirely through their own actions.
- Attack complexity: Detail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental factors.
Blast Radius
- Reads sensitive kernel memory and any confidential data accessible from the elevated security scope, including credentials and keys held in memory.
- Modifies kernel data structures and persisted state within the scope change boundary, enabling tampering with system integrity.
- Crashes or destabilizes the affected kernel component, causing service disruption to the host and any workloads depending on the MANA network adapter.
- The scope change (S:C) means impact extends beyond the originating process into other components sharing the host, amplifying all three impact dimensions.
How HarborGuard Handles This
Available on HarborGuard: once CVE-2026-45476 is matched against a customer's scanned images, a patched-image rebuild at Linux MANA driver version 7.1 becomes available for any image found to carry an affected version in the range 1.0.0 through 7.0.x. For customers who opt into auto-remediation, HarborGuard performs the rebuild, executes a regression test run, and opens a PR against affected workloads; for HIGH-severity issues, the median time from CVE publication to merged patch PR in auto-remediation-enabled environments is around 90 minutes. Where compliance policy permits, customers can also apply network-policy isolation on the host to limit lateral movement opportunities even before the patched image is deployed, reducing the window of exposure while the rebuild is validated.
- Microsoft / Linux kernel - Microsoft MANA Network Driver < 7.1 (from 1.0.0)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C