Zero-Day Security Alert — April 4, 2026: Five Critical Microsoft Azure Vulnerabilities Disclosed
- Jacob Hughes
- Apr 4
Five critical Microsoft Azure vulnerabilities (CVSS 9.1-10.0) were disclosed on April 3, 2026, affecting Azure AI Foundry, Azure Kubernetes Service, Azure Databricks, Azure Custom Locations, and Azure MCP Server. All are hosted-service vulnerabilities already addressed by Microsoft. Review your Azure audit logs and confirm no anomalous activity occurred prior to remediation.
Daily Security Briefing
April 4, 2026
CVE-2026-32213 | CVSS 10.0 | CRITICAL Severity | No Known Active Exploitation
Affected Product
Microsoft Azure AI Foundry (hosted service)
Description
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. The vulnerability has the maximum CVSS score of 10.0 with changed scope, meaning a successful exploit could impact resources beyond the vulnerable component. Attack complexity is low, and no privileges or user interaction are required.
Attack Vector
Network-based. No authentication, user interaction, or elevated privileges required. Low attack complexity. Scope is changed, meaning exploitation can affect resources beyond the vulnerable component.
Remediation
This is an exclusively hosted-service vulnerability. Microsoft has already addressed this issue on its infrastructure. No customer action is required. Organizations using Azure AI Foundry should review audit logs for any anomalous privilege escalation activity prior to the fix date.
CISA Remediation Due Date: N/A
CVE-2026-33105 | CVSS 10.0 | CRITICAL Severity | No Known Active Exploitation
Affected Product
Microsoft Azure Kubernetes Service (hosted service)
Description
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. Like CVE-2026-32213, this vulnerability scores the maximum 10.0 with changed scope, low complexity, and no authentication required.
Attack Vector
Network-based. No authentication, user interaction, or elevated privileges required. Low attack complexity. Changed scope with high impact to confidentiality, integrity, and availability.
Remediation
Exclusively hosted service vulnerability already addressed by Microsoft. No customer action required. AKS users should review cluster audit logs and Azure Activity logs for unauthorized privilege escalation attempts.
CISA Remediation Due Date: N/A
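One way to carry out the Activity Log review recommended above, as an added example (not part of the original briefing or any Microsoft tooling): it filters events shaped like `az monitor activity-log list` JSON output for privilege-granting operations before a cutoff. The cutoff date, the expected-caller list and the sample events are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Real Azure operation names that grant or expose elevated access.
SENSITIVE_OPS = {
    "microsoft.authorization/roleassignments/write",
    "microsoft.authorization/elevateaccess/action",
    "microsoft.containerservice/managedclusters/listclusteradmincredential/action",
}
# Placeholder cutoff: the page gives the disclosure date, not the fix date.
CUTOFF = datetime(2026, 4, 3, tzinfo=timezone.utc)

def parse_ts(value):
    """Parse an Activity Log timestamp (trailing Z, up to 7 fractional digits)."""
    return datetime.fromisoformat(re.sub(r"\.\d+", "", value).replace("Z", "+00:00"))

def triage(events, expected_callers, cutoff=CUTOFF):
    """Return (time, caller, operation, status) for pre-cutoff sensitive events
    whose caller is not on the expected list."""
    expected = {c.lower() for c in expected_callers}
    hits = []
    for ev in events:
        op = (ev.get("operationName") or {}).get("value", "").lower()
        status = (ev.get("status") or {}).get("value", "")
        caller = (ev.get("caller") or "").lower()
        if op not in SENSITIVE_OPS or status == "Started":
            continue  # not privilege-related, or a duplicate of the final event
        if parse_ts(ev["eventTimestamp"]) >= cutoff or caller in expected:
            continue
        # Failed attempts and events with no caller are kept for review.
        hits.append((ev["eventTimestamp"], caller or "<none>", op, status))
    return sorted(hits)

def _ev(ts, caller, op, status="Succeeded"):
    return {"eventTimestamp": ts, "caller": caller,
            "operationName": {"value": op}, "status": {"value": status}}

# Constructed sample events, not real log data.
RA_WRITE = "Microsoft.Authorization/roleAssignments/write"
AKS = "Microsoft.ContainerService/managedClusters"
SAMPLE = [
    _ev("2026-03-28T09:14:05Z", "00000000-0000-0000-0000-0000000000aa", RA_WRITE),
    _ev("2026-03-29T10:00:00Z", "ops-admin@contoso.example", RA_WRITE),
    _ev("2026-03-30T22:41:10.1234567Z", "", AKS + "/listClusterAdminCredential/action", "Failed"),
    _ev("2026-04-05T08:00:00Z", "00000000-0000-0000-0000-0000000000aa", RA_WRITE),
    _ev("2026-03-27T12:00:00Z", "00000000-0000-0000-0000-0000000000aa", AKS + "/read"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE, {"ops-admin@contoso.example"}):
        print(*hit, sep="  ")
```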
CVE-2026-33107 | CVSS 10.0 | CRITICAL Severity | No Known Active Exploitation
Affected Product
Microsoft Azure Databricks (hosted service)
Description
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. The SSRF flaw could allow attackers to access internal Azure services and metadata endpoints, potentially compromising data and infrastructure beyond the Databricks environment.
Attack Vector
Network-based SSRF. No authentication, user interaction, or elevated privileges required. Low attack complexity. Changed scope with full impact to confidentiality, integrity, and availability.
Remediation
Exclusively hosted service vulnerability already addressed by Microsoft. No customer action required. Databricks users should review workspace access logs and network activity for any signs of unauthorized SSRF-based access to internal endpoints.
CISA Remediation Due Date: N/A
CVE-2026-26135 | CVSS 9.6 | CRITICAL Severity | No Known Active Exploitation
Affected Product
Microsoft Azure Custom Locations Resource Provider (hosted service)
Description
Server-side request forgery (SSRF) in the Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over a network. Unlike the other CVEs in this batch, this vulnerability requires low-level authentication (PR:L), but still achieves changed scope with high confidentiality and integrity impact.
Attack Vector
Network-based SSRF. Requires low-level authentication. No user interaction needed. Low attack complexity. Changed scope with high confidentiality and integrity impact.
Remediation
Exclusively hosted service vulnerability already addressed by Microsoft. No customer action required. Organizations using Azure Arc and Custom Locations should review access logs for unauthorized privilege escalation.
CISA Remediation Due Date: N/A
CVE-2026-32211 | CVSS 9.1 | CRITICAL Severity | No Known Active Exploitation
Affected Product
Microsoft Azure MCP Server (hosted service)
Description
Missing authentication for a critical function in the Azure MCP Server allows an unauthorized attacker to disclose information over a network. The lack of authentication on a critical endpoint means unauthenticated network access could lead to high-impact data exposure and integrity compromise.
Attack Vector
Network-based. No authentication, user interaction, or elevated privileges required. Low attack complexity. High impact to confidentiality and integrity.
Remediation
Exclusively hosted service vulnerability already addressed by Microsoft. No customer action required. Organizations using Azure MCP Server should review access and activity logs for unauthorized information disclosure attempts.
CISA Remediation Due Date: N/A
This report is generated automatically from NVD and CISA KEV data.
