CVE-2026-24300

CRITICAL

Azure Front Door - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-24300. PoCs published by XiaomingX.

AI-analyzed exploit summary The repository claims to exploit an Azure Front Door access control misconfiguration but provides no actual exploit code, instead redirecting users to an external URL (tinyurl.com) for the exploit. The README lacks technical details and reads like a sales pitch.

Description

Azure Front Door Elevation of Privilege Vulnerability

Exploits (1)

github SUSPICIOUS 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-24300

View Code ZIP pw:eip

The repository claims to exploit an Azure Front Door access control misconfiguration but provides no actual exploit code, instead redirecting users to an external URL (tinyurl.com) for the exploit. The README lacks technical details and reads like a sales pitch.

Classification

Suspicious 95%

Attack Type

Auth Bypass

Complexity

Theoretical

Reliability

Theoretical

Target: Microsoft Azure Front Door

No auth needed

Prerequisites: publicly accessible Azure Front Door instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24300

Scores

CVSS v3 9.8

EPSS 0.0009

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-284

Status published

Products (2)

Microsoft/Azure Front Door -

microsoft/azure_front_door

Published Feb 05, 2026

Tracked Since Feb 18, 2026