Plateforme
windows
Composant
microsoft-purview
Corrigé dans
2.5.4
CVE-2026-26138 describes a server-side request forgery (SSRF) vulnerability within Microsoft Purview. This flaw allows an unauthorized attacker to potentially escalate privileges and gain access to resources on a network. The vulnerability impacts versions 1.0.0 and earlier, with a fix available in version 2.5.4.
The SSRF vulnerability in Microsoft Purview enables an attacker to craft malicious requests that the Purview service will execute on behalf of the attacker. This can lead to unauthorized access to internal network resources, potentially exposing sensitive data or allowing the attacker to perform actions they shouldn't be able to. Successful exploitation could involve accessing internal APIs, reading configuration files, or even interacting with other services within the network. The blast radius extends to any internal resource accessible via HTTP/HTTPS requests initiated by the Purview service, making it a significant security concern.
CVE-2026-26138 was publicly disclosed on 2026-03-19. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the SSRF nature of the vulnerability suggests a potential for medium to high exploitation probability given sufficient attacker knowledge and access. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Microsoft Purview for data governance and compliance are particularly at risk. Environments with complex internal network architectures and exposed internal services are also more vulnerable. Any deployment of Microsoft Purview versions 1.0.0 and earlier is considered at risk.
• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 4688 -Message contains 'Microsoft Purview'"• windows / supply-chain:
Get-Process -Name "PurviewService" | Select-Object -ExpandProperty Path• generic web: Use curl or wget to probe internal endpoints that Purview might access. Look for unexpected responses or error messages indicating SSRF activity. • generic web: Review access logs for unusual outbound requests originating from the Purview service's IP address.
disclosure
Statut de l'Exploit
EPSS
0.09% (percentile 26%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2026-26138 is to upgrade Microsoft Purview to version 2.5.4 or later, which includes the necessary fix. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting outbound network access for the Purview service to only necessary destinations. Employing a Web Application Firewall (WAF) with SSRF protection rules can also help to block malicious requests. Regularly review and audit network configurations to identify and minimize potential attack surfaces.
Microsoft a publié une mise à jour de sécurité pour Microsoft Purview qui corrige cette vulnérabilité. Appliquez la dernière mise à jour fournie par Microsoft pour atténuer le risque d'élévation de privilèges via SSRF. Consultez le guide de mise à jour de Microsoft pour obtenir des instructions détaillées.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-26138 is a server-side request forgery vulnerability in Microsoft Purview allowing unauthorized privilege escalation. It has a CVSS score of 8.6 (HIGH).
Yes, if you are using Microsoft Purview versions 1.0.0 or earlier, you are affected by this SSRF vulnerability.
Upgrade Microsoft Purview to version 2.5.4 or later to remediate the vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
Currently, there are no publicly known active exploitation campaigns, but the SSRF nature of the vulnerability warrants vigilance.
Refer to the official Microsoft security advisory for CVE-2026-26138 on the Microsoft Security Response Center website.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.