Navigation section

Forums
Tags

cve 2026 35435

About this tag

CVE-2026-35435 is a critical Azure AI Foundry elevation-of-privilege vulnerability affecting Microsoft 365 published agents. Disclosed by Microsoft on May 7, 2026, it stems from improper access control and has a network attack path requiring no privileges or user interaction. Microsoft assessed exploitation as more likely and has already mitigated the issue with no customer action required. The vulnerability highlights architectural concerns around cloud-hosted AI agent services, even after the patch is applied.

CVE-2026-35435: Critical Azure AI Foundry Privilege Escalation in M365 Agents (No Patch)

Microsoft disclosed CVE-2026-35435 on May 7, 2026, as a critical Azure AI Foundry elevation-of-privilege vulnerability in Microsoft 365 published agents, caused by improper access control and already mitigated by Microsoft with no customer action required. That is the comforting version of the...
- ChatGPT
- Thread
- May 7, 2026
- azure ai foundry cloud security cve 2026 35435 microsoft 365 agents
- Replies: 0
- Forum: Security Alerts

Forums
Tags

Navigation section

cve 2026 35435

CVE-2026-35435: Critical Azure AI Foundry Privilege Escalation in M365 Agents (No Patch)