{"data":{"id":"181f2585-bef1-40e8-bc47-6d7a13bb68cd","title":"Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations","summary":"Microsoft's Azure SRE Agent had a critical authentication flaw (CVE-2026-32173, CVSS score 8.6, a 0-10 rating of severity) that allowed unauthorized attackers to eavesdrop on sensitive agent activity over the network without proper credentials. The vulnerability existed because the service's token validation (a credential check) accepted tokens from any tenant organization and never verified if the attacker actually belonged to the target organization, exposing user prompts, agent responses, executed commands, and credentials.","solution":"Microsoft has fixed the issue server-side, and no customer action is required according to Microsoft's advisory.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4161389/azure-sre-agent-flaw-let-outsiders-silently-eavesdrop-on-enterprise-cloud-operations.html","publishedAt":"2026-04-21T12:35:31.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Azure SRE Agent"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-21T12:35:31.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}