CVE-2026-42823
critical
CVSS v3
9.9
CVSS v2
—
VIR risk
9.9
Description
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42823
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | azure_logic_apps | - | |
References
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.