PT-2026-38583 · Microsoft · Azure Ai Foundry

Published

2026-05-07

Updated

2026-06-10

CVE-2026-35435

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Azure AI Foundry M365 published agents (affected versions not specified)

Description Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2026-06840

CVE-2026-35435

Affected Products

Azure Ai Foundry

PT-2026-38583 · Microsoft · Azure Ai Foundry

CVE-2026-35435

Weakness Enumeration

Related Identifiers

Affected Products

References · 10