CVE-2026-26150
critical
CVSS v3
10.0
CVSS v2
—
VIR risk
10.0
Description
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26150
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | purview_ediscovery | - | |
References
CWEs
CWE-918
Verify integrity in audit chain (admin only). AS-IS.