Cyber Resilience

CVE-2026-26141

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26141 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Azure Automation Hybrid Worker Windows Extension. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-26141 is an improper authentication vulnerability affecting Azure Arc, published on 2026-03-10T18:18:42.957. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-287 (Improper Authentication) and CWE-863 (Incorrect Authorization). The issue enables an authorized attacker to elevate privileges locally due to flaws in the authentication mechanism.

A local attacker possessing low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction. Exploitation grants high impacts on confidentiality, integrity, and availability, allowing the attacker to escalate privileges on the affected Azure Arc-enabled system.

The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26141.

EU & UK References

Vulnerability details

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE describes local privilege escalation via improper authentication/authorization flaw in Azure Arc, directly matching exploitation of a software vulnerability for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42822Same vendor: Microsoft
CVE-2026-24294Same vendor: Microsoft
CVE-2025-54918Same vendor: Microsoft
CVE-2025-53778Same vendor: Microsoft
CVE-2026-26119Same vendor: Microsoft
CVE-2026-26128Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft
CVE-2026-42823Same vendor: Microsoft

Affected Assets

microsoft
azure automation hybrid worker windows extension
1.0.0 — 1.3.74

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-2 requires unique identification and authentication of organizational users, directly addressing the improper authentication flaw that enables local privilege escalation in Azure Arc.

prevent

AC-3 enforces approved authorizations for access to system resources, mitigating the incorrect authorization (CWE-863) that allows low-privileged attackers to elevate privileges.

prevent

AC-6 applies least privilege to limit authorized accesses, preventing privilege escalation exploits even with flawed authentication mechanisms.

References