CVE-2026-45499: Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
Summary
CVE-2026-45499 is a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted network requests) in Azure OpenAI that allows an authorized attacker to gain elevated privileges over a network. The vulnerability has a CVSS score (severity rating from 0-10) that has not yet been assigned by NIST. Microsoft has published information about this vulnerability on their security update page.
Vulnerability Details
9.9(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
network
low
low
none
July 2, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45499
First tracked: July 2, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 85%