Agents
Azure AI Foundry CVE-2026-35435: M365 Published Agents Privilege Escalation Actively Exploited in the Wild
Microsoft disclosed a critical (CVSS 8.6) elevation-of-privilege vulnerability in Azure AI Foundry affecting M365 published agents — autonomous AI assistants that perform tasks across the Microsoft 365 ecosystem. Improper access control allows unauthenticated network attackers to bypass permission boundaries that should be strictly bounded by the agent publisher's identity and configuration. Microsoft confirmed exploitation in the wild; the vulnerability targets access control mechanisms governing how published agents authenticate and authorize actions, potentially granting attackers extensive control over AI resources and the underlying M365 environment.
Source
↳ Follow the thread