Cyber Resilience

CVE-2022-26924

High

Published: 15 April 2022

Modified: 21 November 2024
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0793 (92.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26924 is a high-severity vulnerability of unspecified weakness type in Microsoft Yet Another Reverse Proxy (YARP). Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 7.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-26924 is a denial of service vulnerability affecting YARP, rated at CVSS 7.5 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness permits remote interference with service availability while requiring no credentials or user interaction.

An unauthenticated attacker positioned on the network can trigger the flaw to produce a high impact on availability of the affected YARP component. No information is supplied on specific attack primitives or prerequisites beyond the CVSS metrics.

Microsoft Security Response Center guidance for the issue is published at the listed references and addresses available updates or configuration changes. The associated EPSS values remain low, with a recorded peak of 0.0968 and a current score of 0.0793.

EU & UK References

Vulnerability details

YARP Denial of Service Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: yet another reverse proxy
Versions: 1.0.0, 1.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References