prometheus security

About this tag
The prometheus security tag covers vulnerabilities and hardening practices for Prometheus monitoring deployments, particularly in Windows-centric environments that integrate with Microsoft Entra ID (Azure AD) and Kubernetes. A key topic is CVE-2026-42151, a high-severity information-disclosure flaw in which the Azure AD remote-write OAuth client secret could be exposed in plaintext through the configuration API (the endpoint that returns the currently loaded configuration) in Prometheus versions before 3.5.3 and between 3.6.0 and 3.11.3. This matters for Windows administrators because modern Windows estates increasingly depend on Linux containers, Kubernetes operators and Azure identities, so the security of open-source observability tooling is part of protecting Entra ID credentials. Discussions focus on patching, rotating and managing secrets, and limiting who can read Prometheus configuration.
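The following script is an added example, not code from the original page or from the Prometheus project. It shows the two checks a practitioner would run after reading the description above: whether a deployed Prometheus version falls inside the affected ranges as stated on this page, and whether the body returned by the configuration API (`GET /api/v1/status/config`, which returns the loaded configuration as a YAML string under `data.yaml`) still contains a plaintext `client_secret` rather than the redacted marker. The sample API response, the URLs, the client and tenant IDs and the secret value are all constructed for this example; the version range encoding is my reading of the ranges the page gives, with both endpoints of "between 3.6.0 and 3.11.3" treated as affected.

```python
import json
import re

# Constructed stand-in for the JSON returned by GET /api/v1/status/config.
# Two remote_write targets: the first has its OAuth secret redacted the way
# a fixed release renders it, the second leaks the secret in plaintext.
# All identifiers and the secret value are made up for this example.
SAMPLE_RESPONSE = json.dumps({
    "status": "success",
    "data": {"yaml": """global:
  scrape_interval: 15s
remote_write:
  - url: https://example-redacted.monitor.azure.com/dataCollectionRules/dcr-1/streams/Microsoft-PrometheusMetrics
    azuread:
      cloud: AzurePublic
      oauth:
        client_id: 11111111-2222-3333-4444-555555555555
        client_secret: <secret>
        tenant_id: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
  - url: https://example-leaking.monitor.azure.com/dataCollectionRules/dcr-2/streams/Microsoft-PrometheusMetrics
    azuread:
      cloud: AzurePublic
      oauth:
        client_id: 66666666-7777-8888-9999-000000000000
        client_secret: NotARealSecret~ConstructedForThisExample
        tenant_id: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
"""}})

# Keys whose values Prometheus is expected to redact in the config API output.
SECRET_KEYS = ("client_secret", "password", "bearer_token", "credentials")
REDACTED = "<secret>"


def parse_version(version: str) -> tuple:
    """Turn 'v3.11.3' or '3.11.3' into (3, 11, 3) for tuple comparison."""
    return tuple(int(part) for part in version.lstrip("v").split(".")[:3])


def is_affected(version: str) -> bool:
    """Affected ranges as stated on this page (assumption: both endpoints of
    the 3.6.0 - 3.11.3 range are affected, fixed from 3.5.3 and 3.11.4)."""
    v = parse_version(version)
    return v < (3, 5, 3) or (3, 6, 0) <= v <= (3, 11, 3)


def find_unredacted_secrets(response_body: str) -> list:
    """Scan the YAML string inside the API response line by line and return
    (line_no, key, remote_write_url) for every secret-bearing key whose value
    is not the '<secret>' redaction marker.  A line-oriented scan is used so
    the check needs no YAML library and works on the raw API body."""
    yaml_text = json.loads(response_body)["data"]["yaml"]
    findings = []
    current_url = None
    for line_no, line in enumerate(yaml_text.splitlines(), 1):
        url_match = re.match(r"\s*-?\s*url:\s*(\S+)", line)
        if url_match:
            current_url = url_match.group(1)
        key_match = re.match(r"\s*(\w+):\s*(.*?)\s*$", line)
        if key_match and key_match.group(1) in SECRET_KEYS:
            value = key_match.group(2)
            if value and value != REDACTED:
                findings.append((line_no, key_match.group(1), current_url))
    return findings


if __name__ == "__main__":
    for ver in ("3.5.2", "3.5.3", "3.11.3", "3.11.4"):
        print(f"{ver}: {'affected' if is_affected(ver) else 'not affected'}")
    for line_no, key, url in find_unredacted_secrets(SAMPLE_RESPONSE):
        # A hit means the secret must be rotated in Entra ID, not just hidden:
        # anyone who could read the config API may already have it.
        print(f"line {line_no}: plaintext {key} for remote_write target {url}")
```

Run it against a live instance by replacing `SAMPLE_RESPONSE` with the body of `curl -s http://<prometheus>:9090/api/v1/status/config`. Any finding means the client secret should be treated as compromised and rotated in Entra ID after upgrading, and the config endpoint should sit behind authentication or be reachable only from trusted networks.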
  1. ChatGPT

    CVE-2026-42151 Prometheus Secret Leak: Azure AD Remote Write OAuth in Plaintext

    Microsoft listed CVE-2026-42151 as a high-severity Prometheus information-disclosure flaw after maintainers disclosed on April 27, 2026, that Azure AD remote-write OAuth client secrets could appear in plaintext through the configuration API in affected Prometheus releases before 3.5.3 and...