Cyber Resilience

CVE-2026-32171

High

Published: 14 April 2026

Published
14 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0044 35.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32171 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Microsoft Azure Logic Apps. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-32171 involves insufficiently protected credentials in Azure Logic Apps, as detailed in its description published on 2026-04-14T18:17:19.843. This vulnerability, mapped to CWE-522, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) without requiring user interaction (UI:N). Successful exploitation enables privilege escalation, achieving high-level compromise of confidentiality, integrity, and availability (C:H/I:H/A:H).

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32171.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Direct mapping from CWE-522 insufficient credential protection in Azure Logic Apps, enabling low-priv network attacker to retrieve credentials (T1552) and escalate privileges (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42823Same product: Microsoft Azure Logic Apps
CVE-2026-21227Same product: Microsoft Azure Logic Apps
CVE-2026-23658Same vendor: Microsoft
CVE-2026-20853Same vendor: Microsoft
CVE-2026-20877Same vendor: Microsoft
CVE-2026-20860Same vendor: Microsoft
CVE-2026-24294Same vendor: Microsoft
CVE-2025-21418Same vendor: Microsoft
CVE-2026-24290Same vendor: Microsoft
CVE-2026-40417Same vendor: Microsoft

Affected Assets

microsoft
azure logic apps
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires secure management and protection of authenticators including credentials in Azure Logic Apps to prevent unauthorized access by low-privileged attackers.

prevent

Enforces least privilege to mitigate privilege escalation by ensuring low-privileged accounts cannot access or exploit elevated credentials.

prevent

Mandates enforcement of approved access authorizations to block low-privileged network attackers from reaching insufficiently protected credentials.

References