CVE-2026-23658 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 20, 2026
Azure DevOps - Authentication Bypass
Published: March 19, 2026Updated: March 20, 2026Remote Exploitable
Overview
Azure DevOps contains a broken authentication caused by insufficiently protected credentials, letting unauthorized attackers elevate privileges over a network, exploit requires network access.
Severity & Score
Severity: High
CVSS Score: 8.6
EPSS Score: 8.3%(Probability of exploitation in next 30 days)
Impact
Unauthorized attackers can elevate privileges over the network, potentially gaining higher access rights.
Mitigation
Update to the latest version.
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š CVE-2026-23658 - High (8.6) Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. š https://www.thehackerwire.com/vulnerability/CVE-2026-23658/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-23658
- Severity
- High
- CVSS Score
- 8.6
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 8.3%
- Social Posts
- 1
CWE
- CWE-522
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
8.3%Probability of exploitation in the next 30 days