CVE-2026-42830

🔶 medium

🔍 Scan for this CVE

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVSS Score

6.5

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-17

This CVE is Lower Risk - more severe than 47.8% of all 326,604 vulnerabilities in our database.

#170,379

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CWE IDs (Weakness Types)

CWE-426

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
microsoft	azure_monitor_agent	Affected	< 1.42.0

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-32192	⚠️ high	7.8	0.4	Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.	2026-04-14
CVE-2025-62550	⚠️ high	8.8	0.1	Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.	2025-12-09
CVE-2025-59504	⚠️ high	7.3	0.1	Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.	2025-11-11
CVE-2025-59285	⚠️ high	7.0	1.0	Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.	2025-10-14
CVE-2025-59494	⚠️ high	7.8	0.1	Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.	2025-10-14
CVE-2025-47988	⚠️ high	7.5	0.1	Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to exec...	2025-07-08

These CVEs affect the same products