cve 2026 40381

CVE-2026-40381 is an Important-rated elevation-of-privilege vulnerability in the Azure Connected Machine Agent, disclosed by Microsoft on May 12, 2026. This agent enables Windows and Linux servers outside Azure to be managed through Azure Arc. The vulnerability is a local privilege escalation path within the agent, which is significant for hybrid cloud environments where the agent is deployed on servers treated as cloud-managed endpoints. Microsoft's advisory confirms the issue, and SANS' May Patch Tuesday tracking lists it as not publicly disclosed. Administrators should prioritize patching this vulnerability to prevent local privilege escalation on affected systems.