{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T19:34:11.664","vulnerabilities":[{"cve":{"id":"CVE-2026-26118","sourceIdentifier":"secure@microsoft.com","published":"2026-03-10T18:18:41.180","lastModified":"2026-03-13T20:12:47.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network."},{"lang":"es","value":"Falsificación de petición del lado del servidor (SSRF) en Azure MCP Server permite a un atacante autorizado elevar privilegios a través de una red."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"08F2F33D-68BC-40BD-9945-9DAC13516B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"FE4BB62F-D65C-4BD7-A977-560951121A31"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta10:*:*:*:*:*:*","matchCriteriaId":"E25804B6-4EBC-484C-AA53-5F36A125F63C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta11:*:*:*:*:*:*","matchCriteriaId":"60995316-44CA-4789-B168-BD759D3FDC7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta12:*:*:*:*:*:*","matchCriteriaId":"69049E0E-CFEE-4051-BE1A-E6A10A346986"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta13:*:*:*:*:*:*","matchCriteriaId":"0E72117C-2C98-424A-BF6E-78553201F3AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta14:*:*:*:*:*:*","matchCriteriaId":"AE81B2AA-87D7-41B3-934E-F06EB9973B7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta15:*:*:*:*:*:*","matchCriteriaId":"A733A0B0-6D86-4CEF-A594-214195F8A40E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta16:*:*:*:*:*:*","matchCriteriaId":"1A0E69CE-C717-407D-84BA-8CC241F179B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"C7D01823-C2A0-4FB2-B0A9-53CD02FFDFFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"F27295F4-18D0-428E-A2F1-77B3209B6183"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"B88758F0-AE0F-4644-A2D0-EAB69F04B2AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"D1C2790F-D5F5-495A-9A70-01D0A69FECDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta6:*:*:*:*:*:*","matchCriteriaId":"F30CE925-8322-43B4-B634-B08F0D69DF19"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta7:*:*:*:*:*:*","matchCriteriaId":"640182FA-C461-46A2-BDEE-0785DCA7C26B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta8:*:*:*:*:*:*","matchCriteriaId":"F7F3A643-AC07-4EC7-A4E2-DD5B0937D728"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_mcp_server:2.0.0:beta9:*:*:*:*:*:*","matchCriteriaId":"B304FD54-1827-4401-8DA9-C1D982667DBB"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}}]}