CVE-2026-33105
Improper Authorization in Azure Kubernetes Service Enables Privilege Escalation
Publication date: 2026-04-03
Last updated on: 2026-04-06
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | azure_kubernetes_service | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper authorization issue in Microsoft Azure Kubernetes Service that allows an unauthorized attacker to elevate their privileges over a network.
How can this vulnerability impact me? :
The vulnerability can have a critical impact by allowing an attacker to gain elevated privileges without authorization, potentially leading to full control over affected systems and compromising confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthorized attacker to elevate privileges over a network in Microsoft Azure Kubernetes Service, which can lead to unauthorized access and control over sensitive data and systems.
Such unauthorized privilege escalation can result in violations of compliance requirements under standards like GDPR and HIPAA, which mandate strict controls over access to personal and protected health information.
Therefore, this vulnerability poses a significant risk to maintaining compliance with these regulations due to potential data breaches and unauthorized data manipulation.