CVE-2026-26117

HIGH

Azure Windows Virtual Machine Agent - Privilege Escalation

Title source: llm

Description

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Exploits (1)

nomisec WRITEUP
by j-dahl7 · poc
https://github.com/j-dahl7/arc-cloud-c2-sentinel

Scores

CVSS v3: 7.8
EPSS: 0.0003
EPSS Percentile: 7.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-288
Status: published
Products (2)
Microsoft/Arc Enabled Servers - Azure Connected Machine Agent 1.0.0 - 1.61
microsoft/arc_enabled_servers_azure_connected_machine_agent 1.0.0 - 1.61
Published: Mar 10, 2026
Tracked Since: Mar 11, 2026