
CVE-2026-45499: Critical SSRF in Azure OpenAI Enables Privilege Escalation

A server-side request forgery flaw in Microsoft's Azure OpenAI service lets an authorized attacker escalate privileges over the network, earning a near-maximum CVSS score of 9.9.

What Is It

CVE-2026-45499 is a server-side request forgery (SSRF) vulnerability in Azure OpenAI, tracked under CWE-918. According to Microsoft, the flaw "allows an authorized attacker to elevate privileges over a network." It carries a CVSS 3.1 base score of 9.9 (CRITICAL), with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The combination of network attack vector, low complexity, only low privileges required, and no user interaction makes this an unusually accessible high-impact bug. The scope is marked Changed, meaning exploitation can affect resources beyond the initially compromised component.

Why It Matters

The impact ratings are uniformly high across confidentiality, integrity, and availability. An attacker who already holds low-privileged authorized access can use the SSRF to reach further into the service and elevate their privileges, a serious concern for a cloud AI platform that many organizations rely on for sensitive workloads. The 9.9 score sits just below the maximum, driven by the changed scope and full CIA impact. As of this writing, CISA's Known Exploited Vulnerabilities catalog does not list an entry for this CVE, so there is no confirmation of active exploitation in the wild.

What's Vulnerable

Microsoft tags this CVE as an "exclusively-hosted-service" vulnerability, indicating it affects the cloud-hosted service rather than customer-installed software.

Patch Status

The NVD record currently shows a vulnStatus of "Received," and it was published on 2026-07-02. Because Azure OpenAI is an exclusively hosted service, remediation is handled on Microsoft's side rather than requiring customer patching. The supplied source material does not specify a discrete required action or deadline. Administrators should consult Microsoft's MSRC update guide for the authoritative remediation status.
