CVE-2026-48584— Microsoft Azure Synapse Elevation of Privilege Vulnerability

CVSS 9.9 · Critical EPSS 0.50% · P39 Updated Jun 27, 2026

Possible ATT&CK Techniques 1AI

T1068 · Exploitation for Privilege Escalation

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48584

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Microsoft Azure Synapse Elevation of Privilege Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

带着不必要的权限执行

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft	Azure Synapse	-	-

II. Public POCs for CVE-2026-48584

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-48584

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-48584 (1)

🔗 CVE-2026-48584 - Security Update Guide - Microsoft - Microsoft Azure Synapse Elevation of Privilege Vulnerabilityvendor-advisorypatch

https://nvd.nist.gov/vuln/detail/CVE-2026-48584

Same Patch Batch · Microsoft · 2026-06-19 · 8 CVEs total

CVE-2026-45480	10.0 CRITICAL	Azure Active Directory Elevation of Privilege Vulnerability
CVE-2026-48582	9.6 CRITICAL	Microsoft Exchange Online Elevation of Privilege Vulnerability
CVE-2026-47645	8.8 HIGH	Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
CVE-2026-32208	8.8 HIGH	Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-50519	6.5 MEDIUM	Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
CVE-2026-42895	6.5 MEDIUM	Microsoft Copilot Tampering Vulnerability
CVE-2026-49336		@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect

IV. Related Vulnerabilities

Same vendor: Microsoft

Same weakness: CWE-250

V. Comments for CVE-2026-48584

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-48584— Microsoft Azure Synapse Elevation of Privilege Vulnerability

Possible ATT&CK Techniques 1AI

I. Basic Information for CVE-2026-48584

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-48584

III. Intelligence Information for CVE-2026-48584

Vendor Advisories for CVE-2026-48584 (1)

Same Patch Batch · Microsoft · 2026-06-19 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-48584

Leave a comment