Cyber Posture

CVE-2026-26118

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 13.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26118 is a high-severity SSRF (CWE-918) vulnerability in Microsoft Azure Mcp Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates SSRF by validating and sanitizing user inputs used to forge unauthorized server-side requests.

SC-7 Boundary Protection good match
preventdetect

Monitors and controls communications at boundaries to block unauthorized outbound requests enabled by SSRF exploitation.

AC-4 Information Flow Enforcement partial match
prevent

Enforces approved information flows to restrict server-initiated requests to unauthorized destinations or resources.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SSRF vuln in network-accessible Azure server component with low-priv auth required directly enables exploitation for privilege escalation (T1068) via unauthorized server requests; also maps to T1190 as classic vector against public-facing apps.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Deeper analysisAI

CVE-2026-26118 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting the Azure MCP Server. Published on 2026-03-10T18:18:41.180, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

The vulnerability enables an authorized attacker with low privileges (PR:L) to exploit SSRF over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows the attacker to elevate privileges, leveraging the SSRF mechanism to make unauthorized requests on behalf of the server.

The Microsoft Security Response Center provides an update guide for CVE-2026-26118 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118, detailing relevant mitigation and patching information.

Details

CWE(s)
CWE-918

Affected Products

microsoft
azure mcp server
2.0.0 · ≤ 2.0.0

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

CVEs Like This One

CVE-2025-21177Same vendor: Microsoft
CVE-2026-32169Same vendor: Microsoft
CVE-2025-59503Same vendor: Microsoft
CVE-2026-26138Same vendor: Microsoft
CVE-2026-26137Same vendor: Microsoft
CVE-2026-32186Same vendor: Microsoft
CVE-2026-26150Same vendor: Microsoft
CVE-2025-62207Same vendor: Microsoft
CVE-2026-33107Same vendor: Microsoft
CVE-2025-21385Same vendor: Microsoft

References