CVE-2026-26118

Name of the Vulnerable Software and Affected Versions Azure MCP Server (affected versions not specified)

Description An authorized attacker can exploit a server-side request forgery (SSRF) condition in Azure MCP Server to gain elevated privileges on a network. SSRF occurs when an application makes requests to an unintended location, potentially allowing an attacker to access sensitive resources or perform actions on behalf of the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.