PT-2026-29903 · Microsoft · Azure SRE Agent

Yanir Tsarimi +1 · Published 2026-04-02 · Updated 2026-05-19 · CVE-2026-32173

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Azure SRE Agent (affected versions not specified)

Description
Improper authentication in the Azure SRE Agent allows an unauthorized attacker to disclose information over a network. A multi-tenant design oversight occurred where authentication checks validated tokens without ensuring the caller was authorized for the target tenant. This gap allowed individuals from different Entra ID tenants to silently eavesdrop on real-time command streams, AI chat streams, internal LLM reasoning, tool calls, and sensitive credentials. This issue specifically affected the Azure SRE Agent Gateway - SignalR Hub.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
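
The gap named in the Description, a valid token accepted without checking that the caller belongs to the target tenant, modelled as an added example; it is not Microsoft's code and not part of this advisory. Stream names, tenant IDs, function names and the join log are hypothetical and constructed; `tid` is the Entra ID tenant claim, and the claims are assumed to come from a token whose signature, issuer, audience and expiry were already verified.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: tenant IDs and the tenant that owns each stream.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
STREAM_OWNER = {"agent-a": TENANT_A, "agent-b": TENANT_B}

@dataclass(frozen=True)
class Claims:
    """Claims taken from an already-validated access token (assumption)."""
    tid: str  # tenant the caller signed in to
    oid: str  # caller's object ID

def join_authn_only(claims: Optional[Claims], stream: str) -> bool:
    """Flawed pattern: any authenticated caller may join any existing stream."""
    return claims is not None and stream in STREAM_OWNER

def join_tenant_scoped(claims: Optional[Claims], stream: str) -> bool:
    """Authentication plus tenant authorization, denying by default."""
    if claims is None:
        return False
    owner = STREAM_OWNER.get(stream)
    # Unknown stream or tenant mismatch: refuse the subscription.
    return owner is not None and claims.tid.lower() == owner.lower()

def audit_joins(events):
    """Detection pass over join records: return every join whose caller
    tenant differs from the tenant that owns the stream."""
    return [e for e in events
            if STREAM_OWNER.get(e["stream"], "").lower() != e["tid"].lower()]

# Constructed join log for the audit pass.
SAMPLE_JOINS = [
    {"oid": "user-1", "tid": TENANT_A, "stream": "agent-a"},
    {"oid": "user-2", "tid": TENANT_B, "stream": "agent-a"},  # cross-tenant
    {"oid": "user-3", "tid": TENANT_B, "stream": "agent-b"},
]

if __name__ == "__main__":
    outsider = Claims(tid=TENANT_B, oid="user-2")
    print("authn only    :", join_authn_only(outsider, "agent-a"))
    print("tenant scoped :", join_tenant_scoped(outsider, "agent-a"))
    print("flagged joins :", [e["oid"] for e in audit_joins(SAMPLE_JOINS)])
```

A tenant match is the minimum check; a real deployment would also check the caller's role or assignment on the specific resource within that tenant.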

Weakness Enumeration
Incorrect Authorization
Improper Authentication

Related Identifiers
CVE-2026-32173

Affected Products
Azure SRE Agent