CVE-2026-26138 describes a server-side request forgery (SSRF) vulnerability within Microsoft Purview. This flaw allows an unauthorized attacker to potentially escalate privileges and gain access to resources on a network. The vulnerability impacts versions 1.0.0 and earlier, with a fix available in version 2.5.4.
The SSRF vulnerability in Microsoft Purview enables an attacker to craft malicious requests that the Purview service will execute on behalf of the attacker. This can lead to unauthorized access to internal network resources, potentially exposing sensitive data or allowing the attacker to perform actions they shouldn't be able to. Successful exploitation could involve accessing internal APIs, reading configuration files, or even interacting with other services within the network. The blast radius extends to any internal resource accessible via HTTP/HTTPS requests initiated by the Purview service, making it a significant security concern.
CVE-2026-26138 was publicly disclosed on 2026-03-19. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the SSRF nature of the vulnerability suggests a potential for medium to high exploitation probability given sufficient attacker knowledge and access. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Microsoft Purview for data governance and compliance are particularly at risk. Environments with complex internal network architectures and exposed internal services are also more vulnerable. Any deployment of Microsoft Purview versions 1.0.0 and earlier is considered at risk.
• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 4688 -Message contains 'Microsoft Purview'"• windows / supply-chain:
Get-Process -Name "PurviewService" | Select-Object -ExpandProperty Path• generic web: Use curl or wget to probe internal endpoints that Purview might access. Look for unexpected responses or error messages indicating SSRF activity. • generic web: Review access logs for unusual outbound requests originating from the Purview service's IP address.
disclosure
漏洞利用状态
EPSS
0.09% (26% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2026-26138 is to upgrade Microsoft Purview to version 2.5.4 or later, which includes the necessary fix. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting outbound network access for the Purview service to only necessary destinations. Employing a Web Application Firewall (WAF) with SSRF protection rules can also help to block malicious requests. Regularly review and audit network configurations to identify and minimize potential attack surfaces.
Microsoft 已发布 Microsoft Purview 的安全更新,以解决此漏洞。应用 Microsoft 提供的最新更新以降低通过 SSRF 提升权限的风险。请参阅 Microsoft 更新指南以获取详细说明。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-26138 is a server-side request forgery vulnerability in Microsoft Purview allowing unauthorized privilege escalation. It has a CVSS score of 8.6 (HIGH).
Yes, if you are using Microsoft Purview versions 1.0.0 or earlier, you are affected by this SSRF vulnerability.
Upgrade Microsoft Purview to version 2.5.4 or later to remediate the vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
Currently, there are no publicly known active exploitation campaigns, but the SSRF nature of the vulnerability warrants vigilance.
Refer to the official Microsoft security advisory for CVE-2026-26138 on the Microsoft Security Response Center website.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。