{"data":{"id":"2c84153d-fdae-4eca-b116-178c344d89d7","title":"CVE-2026-45499: Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.","summary":"CVE-2026-45499 is a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted network requests) in Azure OpenAI that allows an authorized attacker to gain elevated privileges over a network. The vulnerability has a CVSS score (severity rating from 0-10) that has not yet been assigned by NIST. Microsoft has published information about this vulnerability on their security update page.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45499","publishedAt":"2026-07-02T23:16:51.003Z","cveId":"CVE-2026-45499","cweIds":["CWE-918"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Azure OpenAI","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-02T23:16:51.003Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}