CVE-2026-32168

High

Published: 14 April 2026

Published

14 April 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0008 22.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32168 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Azure Monitor Agent. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 22.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 directly mandates validation of information inputs to systems, comprehensively addressing the improper input validation flaw in the Azure Monitor Agent that enables local privilege escalation.

SI-2 Flaw Remediation good match

prevent

SI-2 requires organizations to identify, report, and remediate flaws such as this input validation vulnerability in the Azure Monitor Agent through timely patching.

AC-6 Least Privilege partial match

prevent

AC-6 enforces least privilege for system processes and users, limiting the impact and likelihood of successful local privilege escalation even if input validation is bypassed.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local privilege escalation via improper input validation in Azure Monitor Agent directly enables T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2026-32168 is an improper input validation vulnerability (CWE-20) in the Azure Monitor Agent. Published on 2026-04-14, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant local impact.

The vulnerability can be exploited by an authorized local attacker with low privileges. Exploitation requires only local access and low complexity, with no user interaction needed. Successful attacks enable privilege escalation on the affected system, granting high-level impacts on confidentiality, integrity, and availability.

Mitigation details are available in the Microsoft Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168.

Details

CWE(s): CWE-20

Affected Products

microsoft

azure monitor agent

≤ 1.35.9

CVEs Like This One

CVE-2026-32192Same product: Microsoft Azure Monitor Agent

CVE-2025-62550Same product: Microsoft Azure Monitor Agent

CVE-2025-21370Same vendor: Microsoft

CVE-2026-26170Same vendor: Microsoft

CVE-2026-20967Same vendor: Microsoft

CVE-2025-21235Same vendor: Microsoft

CVE-2025-21234Same vendor: Microsoft

CVE-2025-29814Same vendor: Microsoft

CVE-2026-26161Same vendor: Microsoft

CVE-2025-21375Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32168
Vendor Advisory · secure@microsoft.com