CVE-2026-26148

High

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

secure@microsoft.com·CWE-454·Published 2026-03-10

CVSS

8.1

EPSS

0.00

KEV

Exploits

cve.orgen

140 chars

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

NVDen

140 chars

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

NVDes

154 chars

Inicialización externa de variables de confianza o almacenes de datos en Azure Entra ID permite a un atacante no autorizado elevar privilegios localmente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.1	1.4	6.0	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C