Platform
windows
Component
microsoft-purview
Fixed in
2.5.4
CVE-2026-26139 describes a server-side request forgery (SSRF) vulnerability in Microsoft Purview. An attacker who can reach the vulnerable component can potentially use it to elevate privileges and gain unauthorized access to network resources. The vulnerability affects versions 1.0.0 and earlier; the fix is in version 2.5.4. Microsoft has released an advisory and a patch.
The SSRF vulnerability lets an attacker craft requests that the Purview service then issues on the attacker's behalf, from the service's own network position. That can expose internal resources, enable data exfiltration and, depending on what the service can reach, lead to privilege escalation: an attacker could, for example, use the service to scan internal networks for open ports or to read data held on internal servers. The blast radius is every network resource the Purview service can reach, which may span multiple systems and data stores. No direct precedent exists for this specific SSRF, but SSRF bugs generally pose a significant risk because they bypass perimeter controls and expose internal resources that were never meant to be reachable from outside.
CVE-2026-26139 was publicly disclosed on March 19, 2026. The vulnerability's severity is rated HIGH (CVSS 8.6). There are currently no publicly available proof-of-concept exploits. It is not listed on the CISA KEV catalog at the time of this writing. The potential for exploitation exists due to the ease of SSRF exploitation and the potential impact on sensitive data and internal systems.
Organizations heavily reliant on Microsoft Purview for data governance and compliance are at significant risk. Specifically, deployments with extensive network access granted to the Purview service, or those using older versions (1.0.0 and earlier) are particularly vulnerable. Shared hosting environments utilizing Microsoft Purview also face increased risk due to potential cross-tenant exploitation.
• windows / supply-chain:
# Search the Application log for the event this page associates with SSRF attempts; adjust the event ID and message pattern to what your deployment actually logs.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -ErrorAction SilentlyContinue | Where-Object { $_.Message -like '*Purview SSRF attempt*' } | Select-Object TimeCreated, Id, Message
• windows / supply-chain:
# Locate log files in the directory of the running Purview service binary; 'PurviewService' is a placeholder, substitute the real process name from your deployment.
Get-Process -Name 'PurviewService' -ErrorAction SilentlyContinue | ForEach-Object { Get-ChildItem -Path (Split-Path -Parent $_.Path) -Recurse -Filter '*.log' }
• generic web:
Test for SSRF with curl or wget by supplying an internal destination in the URL-typed parameter that the Purview service fetches server-side, then checking whether the request actually reached the internal host (a listener on that host, or a difference in response time or error message, shows whether the fetch happened). The vulnerable endpoint and parameter name are not documented here, so they appear as placeholders: curl -sS "http://purview-service/<fetch-endpoint>?url=http://internal-server/". The cloud metadata endpoint (http://169.254.169.254/) is the other destination worth testing, since reaching it from a cloud-hosted service typically yields credentials.
disclosure
Exploit status
EPSS
0.09% (25th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-26139 is to upgrade Microsoft Purview to version 2.5.4 or later, which contains the fix. If an immediate upgrade is not possible, reduce exposure in the meantime: restrict the Purview service's outbound network access to the destinations it actually needs, and block egress from it to private address ranges and the link-local metadata endpoint (169.254.169.254). Where the service fetches caller-supplied URLs, enforce an allowlist of destination hosts, schemes and ports, resolve the hostname and reject any answer that is not a public address, and do not follow redirects automatically (each hop must pass the same check). Pattern-based "sanitization" of the URL string alone is not enough, because the same internal address can be written as a hostname, as a decimal or octal integer, or reached through a redirect. A Web Application Firewall with SSRF rules adds a layer of filtering but is bypassed by those same encodings, so treat it as defence in depth rather than the fix. After upgrading, confirm the fix by replaying the SSRF test request and verifying that the service refuses it or handles it safely.
Apply the security update provided by Microsoft for Microsoft Purview. This update fixes the server-side request forgery (SSRF) vulnerability that allows an unauthorized attacker to elevate privileges over a network. See Microsoft's update documentation for detailed instructions.
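To make the SSRF mechanics described above and the allowlist-and-resolve check concrete, here is an added example; it is not Microsoft Purview code and not from this page's author. It shows a minimal server-side URL-fetch front end in its vulnerable form next to a hardened check that allowlists hosts, schemes and ports, rejects userinfo tricks, resolves the name and pins a public address. The hostnames, addresses and the offline DNS table are constructed for the example and are assumptions, not anything from the advisory.

```python
"""Vulnerable vs hardened destination selection for a server-side URL fetch (SSRF).

Constructed example: hostnames, addresses and the DNS table below are assumptions
made for illustration and are not Microsoft Purview's.
"""
import ipaddress
from urllib.parse import urlsplit

# Offline stand-in for DNS; a real deployment would call socket.getaddrinfo().
FAKE_DNS = {
    "reports.example.com": ["20.50.60.70"],
    "partner.example.org": ["20.50.60.71", "10.0.0.8"],  # mixed answer, as in DNS rebinding
    "internal-server": ["10.0.0.5"],
}

ALLOWED_HOSTS = {"reports.example.com", "partner.example.org"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def fake_resolve(host):
    """Return the constructed A records for host (empty list means NXDOMAIN)."""
    return FAKE_DNS.get(host, [])


def vulnerable_target(url):
    """The bug class: connect wherever the caller's URL points, with no policy at all."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)


def is_safe_address(addr):
    """True only for routable public unicast addresses: rejects RFC 1918, loopback,
    the 169.254.0.0/16 metadata range, CGNAT, multicast, reserved and unspecified."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not (ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_destination(url, resolve=fake_resolve):
    """Hardened check. Returns (True, pinned_ip, port) or (False, reason, None).

    The caller must connect to pinned_ip (and set the Host header to the hostname)
    so that a second lookup cannot rebind the name to an internal address.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}", None
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", None
    if parts.username is not None or parts.password is not None:
        # http://allowed.host@internal-server/ parses with hostname == "internal-server"
        return False, "userinfo in URL", None
    host = parts.hostname
    if not host:
        return False, "no host", None
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not allowlisted", None
    port = port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", None
    addrs = resolve(host)
    if not addrs:
        return False, f"{host} did not resolve", None
    for addr in addrs:
        if not is_safe_address(addr):  # one bad record in the answer fails the whole fetch
            return False, f"{host} resolves to non-public {addr}", None
    return True, addrs[0], port


SAMPLE_URLS = [  # constructed attacker and legitimate inputs
    "https://reports.example.com/export?id=1",
    "http://169.254.169.254/latest/meta-data/",
    "http://internal-server/admin",
    "http://reports.example.com@internal-server/",
    "http://partner.example.org/",
    "http://reports.example.com:8080/",
    "file:///etc/passwd",
]


def compare(urls=SAMPLE_URLS):
    """Side by side: where the vulnerable code would connect vs. the hardened verdict."""
    return {u: (vulnerable_target(u), check_destination(u)) for u in urls}


if __name__ == "__main__":
    for url, (vuln, hardened) in compare().items():
        print(f"{url}\n  vulnerable connects to {vuln}\n  hardened: {hardened}")
```

Connect to the pinned address that check_destination returns and set the Host header yourself; otherwise the HTTP client performs its own lookup and a rebinding name can answer with an internal address the second time. Disable automatic redirect following in the client and run every hop through check_destination again. A WAF rule matching "169.254" or "10." in the URL string is no substitute, because the vulnerable front end above happily connects to "http://reports.example.com@internal-server/" and to decimal or octal spellings that never contain those substrings.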
CVE-2026-26139 is a server-side request forgery vulnerability in Microsoft Purview allowing attackers to potentially elevate privileges and access internal network resources.
If you are using Microsoft Purview versions 1.0.0 or earlier, you are affected by this vulnerability. Upgrade to version 2.5.4 or later to mitigate the risk.
The recommended fix is to upgrade Microsoft Purview to version 2.5.4 or later. As a temporary workaround, restrict network access and implement input validation.
At the time of writing there are no confirmed reports of active exploitation, but exploitation remains plausible given how readily SSRF bugs are abused once an affected endpoint is identified.
Refer to the official Microsoft security advisory for CVE-2026-26139 on the Microsoft Security Response Center website.