azure devops (microsoft) — Vulnerabilities

Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

Vendors · microsoft · azure devops

azure devops

· 3 Criticalmicrosoft · 4 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2026-42826CRITICAL 10.0

May 7, 2026

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-23658HIGH 8.6

Mar 19, 2026

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-47158CRITICAL 9.0

Jul 18, 2025

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-29813CRITICAL 10.0

May 8, 2025

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

All microsoft products All Vendors CVE Database KEV Catalog