CVE-2026-32173

High

Published: 03 April 2026

Published

03 April 2026

Modified

06 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score 0.0006 19.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32173 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Azure Sre Agent. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-9 Service Identification and Authentication good match

prevent

Requires the system to uniquely identify and authenticate services like the Azure SRE Agent, directly mitigating improper authentication that enables unauthorized network access.

AC-3 Access Enforcement good match

prevent

Enforces approved access control policies to block unauthorized logical access and information disclosure over the network.

AC-17 Remote Access good match

prevent

Authorizes and secures remote access methods to the Azure SRE Agent, preventing network-based exploitation by unauthorized attackers.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Improper authentication (CWE-287) in network-accessible Azure SRE Agent directly enables remote unauthenticated information disclosure (CVSS AV:N/AC:L/PR:N), matching T1190 exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

Deeper analysisAI

CVE-2026-32173 is an improper authentication vulnerability affecting the Azure SRE Agent. Published on April 3, 2026, it enables an unauthorized attacker to disclose information over a network and is linked to CWE-287 (Improper Authentication) and CWE-863 (Incorrect Authorization). The issue carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to its network accessibility, low attack complexity, and lack of prerequisites.

Any unauthorized attacker can exploit this vulnerability remotely over the network without privileges, user interaction, or special conditions. Exploitation allows the attacker to achieve high-impact information disclosure, with a changed scope that amplifies the confidentiality breach while leaving integrity and availability unaffected.

The Microsoft Security Response Center provides guidance on this vulnerability, including mitigation and patch details, at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173.

Details

CWE(s): CWE-287 CWE-863

Affected Products

microsoft

azure sre agent

all versions

CVEs Like This One

CVE-2025-49706Same vendor: Microsoft

CVE-2026-20856Same vendor: Microsoft

CVE-2025-21385Same vendor: Microsoft

CVE-2025-24043Same vendor: Microsoft

CVE-2025-53770Same vendor: Microsoft

CVE-2026-26106Same vendor: Microsoft

CVE-2026-32210Same vendor: Microsoft

CVE-2026-32191Same vendor: Microsoft

CVE-2025-50163Same vendor: Microsoft

CVE-2025-55315Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173
Vendor Advisory · secure@microsoft.com