CVE-2026-32173
Improper Authentication in Azure SRE Agent Enables Information Disclosure
Publication date: 2026-04-03
Last updated on: 2026-04-06
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | azure_sre_agent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper authentication in the Azure SRE Agent, which allows an unauthorized attacker to disclose information over a network.
How can this vulnerability impact me? :
The impact of this vulnerability is information disclosure, meaning that sensitive or confidential information could be accessed by unauthorized attackers remotely.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves improper authentication in the Azure SRE Agent that allows unauthorized attackers to disclose information over a network.
Such information disclosure could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.
However, specific details on how this vulnerability affects compliance with these standards are not provided in the available information.