CVE-2026-32192

High

Published: 14 April 2026

Published

14 April 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0043 62.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32192 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Azure Monitor Agent. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 37.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents deserialization of untrusted data by implementing input validation mechanisms in the Azure Monitor Agent.

SI-2 Flaw Remediation good match

prevent

Remediates the specific deserialization flaw through timely identification, reporting, and patching as per Microsoft's update guide.

AC-6 Least Privilege partial match

prevent

Limits the impact of local privilege escalation by ensuring the Azure Monitor Agent operates with minimal necessary privileges.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local deserialization vulnerability in Azure Monitor Agent directly enables privilege escalation via exploitation of a software flaw (CWE-502), matching T1068.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2026-32192 is a deserialization of untrusted data vulnerability (CWE-502) in the Azure Monitor Agent. Published on 2026-04-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges (PR:L) can exploit this issue with low complexity and no user interaction required. Successful exploitation allows privilege escalation on the affected system.

Microsoft's update guide provides details on mitigation and patching for this vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192.

Details

CWE(s): CWE-502

Affected Products

microsoft

azure monitor agent

≤ 1.41.0

CVEs Like This One

CVE-2026-32168Same product: Microsoft Azure Monitor Agent

CVE-2025-62550Same product: Microsoft Azure Monitor Agent

CVE-2026-25166Same vendor: Microsoft

CVE-2026-32184Same vendor: Microsoft

CVE-2025-29807Same vendor: Microsoft

CVE-2025-59245Same vendor: Microsoft

CVE-2025-47994Same vendor: Microsoft

CVE-2025-54914Same vendor: Microsoft

CVE-2026-24293Same vendor: Microsoft

CVE-2025-21359Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192
Vendor Advisory · secure@microsoft.com