cve 2026-33833

CVE-2026-33833 is a spoofing vulnerability in Azure Machine Learning Notebooks disclosed in Microsoft's May 2026 security guidance. Unlike vulnerabilities that cause service outages, this flaw could allow an attacker to expose sensitive information and make limited modifications to disclosed data without disrupting availability. The CVSS scoring emphasizes that the primary risk is to data integrity and confidentiality rather than service uptime. In interactive notebook environments, the most valuable assets are often data, credentials, model context, and user trust. Defenders should prioritize protecting session integrity and monitoring for unauthorized data access or manipulation rather than focusing solely on availability impacts.