Cyber Resilience

CVE-2026-33107

Critical

Published: 03 April 2026

Published
03 April 2026
Modified
06 April 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0070 48.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-33107 is a critical-severity SSRF (CWE-918) vulnerability in Microsoft Azure Databricks. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-33107 is a server-side request forgery (SSRF) vulnerability, mapped to CWE-918, affecting Azure Databricks. Published on 2026-04-03, it has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting its critical severity due to network accessibility, low complexity, no required privileges or user interaction, scope change, and high impacts on confidentiality, integrity, and availability.

An unauthorized attacker can exploit this SSRF vulnerability remotely over a network. Exploitation enables the attacker to elevate privileges within the affected Azure Databricks environment.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33107 provides details on mitigation and patching guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

SSRF in public-facing Azure Databricks service directly enables remote exploitation of a server application (T1190) and results in privilege escalation within the environment (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21177Same vendor: Microsoft
CVE-2025-59503Same vendor: Microsoft
CVE-2025-62207Same vendor: Microsoft
CVE-2026-32169Same vendor: Microsoft
CVE-2026-26138Same vendor: Microsoft
CVE-2026-32186Same vendor: Microsoft
CVE-2026-26137Same vendor: Microsoft
CVE-2026-26150Same vendor: Microsoft
CVE-2026-41105Same vendor: Microsoft
CVE-2026-35431Same vendor: Microsoft

Affected Assets

microsoft
azure databricks
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates and sanitizes user-supplied inputs to prevent SSRF exploitation where malicious URLs trigger unauthorized server-side requests leading to privilege elevation.

prevent

Monitors and controls communications at system boundaries to block SSRF-induced requests from accessing internal network resources and enabling privilege escalation.

prevent

Enforces information flow control policies to restrict unauthorized outbound requests from the vulnerable Azure Databricks server.

References