Home / Vulnerability Intelligence / CVE-2026-26118

CVE-2026-26118 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 11, 2026

Azure MCP Server - Privilege Escalation

Published: March 10, 2026Updated: March 11, 2026Remote Exploitable

Overview

Azure MCP Server contains a server side request forgery caused by improper request validation, letting authorized attackers elevate privileges over a network, exploit requires attacker authorization.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 5.7%(Probability of exploitation in next 30 days)

Impact

Authorized attackers can elevate privileges over the network, potentially gaining unauthorized access or control.

Mitigation

Update to the latest version of Azure MCP Server.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 10, 2026

🟠 CVE-2026-26118 - High (8.8) Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26118/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-26118
Severity: High
CVSS Score: 8.8
Type: server_side_request_forgery
Status: unconfirmed
EPSS: 5.7%
Social Posts: 1

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.7%Probability of exploitation in the next 30 days