CVE-2026-42826
Exposure of Sensitive Information in Azure DevOps
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | azure_devops | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the exposure of sensitive information to unauthorized actors, which can lead to unauthorized disclosure of data over a network.
Such exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require the protection of sensitive personal and health information from unauthorized access and disclosure.
Failure to protect sensitive information as required by these regulations can result in legal penalties, loss of trust, and other compliance-related consequences.
Can you explain this vulnerability to me?
This vulnerability involves the exposure of sensitive information in Azure DevOps to an unauthorized actor. It allows an attacker who is not authorized to access the system to disclose sensitive information over a network.
How can this vulnerability impact me? :
The impact of this vulnerability is severe as it can lead to the complete compromise of confidentiality, integrity, and availability of the affected system. An attacker can access sensitive information, potentially manipulate data, and disrupt services.