Agents
CVE-2026-32173: Azure SRE Agent Improper Authentication Enables Network-Based Information Disclosure
Microsoft confirmed CVE-2026-32173 on April 3 — a high-severity (CVSS 8.6) improper authentication vulnerability in Azure SRE Agent that allows unauthorized attackers to bypass security controls and access sensitive information over the network without authentication. The Azure SRE Agent provides telemetry, diagnostics, and operational capabilities across Microsoft's cloud platform; the flaw means the agent fails to verify the identity of requesting entities before granting data access. Combined with CVE-2026-32211 (MCP Server, CVSS 9.1) disclosed the same week, this marks two critical authentication failures in Microsoft's agent infrastructure in 48 hours.
Source
↳ Follow the thread