Plataforma
windows
Componente
microsoft-purview
Corrigido em
2.5.4
CVE-2026-26138 describes a server-side request forgery (SSRF) vulnerability within Microsoft Purview. This flaw allows an unauthorized attacker to potentially escalate privileges and gain access to resources on a network. The vulnerability impacts versions 1.0.0 and earlier, with a fix available in version 2.5.4.
The SSRF vulnerability in Microsoft Purview enables an attacker to craft malicious requests that the Purview service will execute on behalf of the attacker. This can lead to unauthorized access to internal network resources, potentially exposing sensitive data or allowing the attacker to perform actions they shouldn't be able to. Successful exploitation could involve accessing internal APIs, reading configuration files, or even interacting with other services within the network. The blast radius extends to any internal resource accessible via HTTP/HTTPS requests initiated by the Purview service, making it a significant security concern.
CVE-2026-26138 was publicly disclosed on 2026-03-19. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the SSRF nature of the vulnerability suggests a potential for medium to high exploitation probability given sufficient attacker knowledge and access. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Microsoft Purview for data governance and compliance are particularly at risk. Environments with complex internal network architectures and exposed internal services are also more vulnerable. Any deployment of Microsoft Purview versions 1.0.0 and earlier is considered at risk.
• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 4688 -Message contains 'Microsoft Purview'"• windows / supply-chain:
Get-Process -Name "PurviewService" | Select-Object -ExpandProperty Path• generic web: Use curl or wget to probe internal endpoints that Purview might access. Look for unexpected responses or error messages indicating SSRF activity. • generic web: Review access logs for unusual outbound requests originating from the Purview service's IP address.
disclosure
Status do Exploit
EPSS
0.09% (percentil 26%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2026-26138 is to upgrade Microsoft Purview to version 2.5.4 or later, which includes the necessary fix. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting outbound network access for the Purview service to only necessary destinations. Employing a Web Application Firewall (WAF) with SSRF protection rules can also help to block malicious requests. Regularly review and audit network configurations to identify and minimize potential attack surfaces.
Microsoft lançou uma atualização de segurança para o Microsoft Purview que aborda esta vulnerabilidade. Aplique a atualização mais recente fornecida pela Microsoft para mitigar o risco de elevação de privilégios através de SSRF (Server-Side Request Forgery). Consulte o guia de atualização da Microsoft para obter instruções detalhadas.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2026-26138 is a server-side request forgery vulnerability in Microsoft Purview allowing unauthorized privilege escalation. It has a CVSS score of 8.6 (HIGH).
Yes, if you are using Microsoft Purview versions 1.0.0 or earlier, you are affected by this SSRF vulnerability.
Upgrade Microsoft Purview to version 2.5.4 or later to remediate the vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
Currently, there are no publicly known active exploitation campaigns, but the SSRF nature of the vulnerability warrants vigilance.
Refer to the official Microsoft security advisory for CVE-2026-26138 on the Microsoft Security Response Center website.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.