Agents
Azure SRE Agent CVE-2026-32173 (CVSS 8.6): Unauthenticated WebSocket Exposes Live Cloud Ops, Deployment Credentials
Enclave AI researcher Yanir Tsarimi found that Azure SRE Agent's /agentHub WebSocket endpoint accepted tokens from any Entra ID tenant due to a multi-tenant app registration misconfiguration, then broadcast all events to all clients with no identity filtering. Exposed data included user prompts, agent reasoning traces, every command with full arguments, output, and in testing, deployment credentials for live web apps. Microsoft classified it as improper authentication and patched; no prior authentication was needed to exploit.
Source
↳ Follow the thread