{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32173", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-10T23:09:43.266Z", "datePublished": "2026-04-02T23:27:00.374Z", "dateUpdated": "2026-04-03T17:22:48.887Z"}, "containers": {"cna": {"title": "Azure SRE Agent Information Disclosure Vulnerability", "datePublic": "2026-04-02T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_sre_agent_gateway_signalR_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "-"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure SRE Agent Gateway - SignalR Hub", "versions": [{"version": "-", "status": "affected"}]}], "descriptions": [{"value": "Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-287: Improper Authentication", "lang": "en-US", "type": "CWE", "cweId": "CWE-287"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-03T17:22:48.887Z"}, "references": [{"name": "Azure SRE Agent Information Disclosure Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C"}}], "tags": ["exclusively-hosted-service"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32173", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T13:43:51.736869Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:56:03.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["exclusively-hosted-service"], "title": "Azure SRE Agent Information Disclosure Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure SRE Agent Gateway - SignalR Hub", "versions": [{"status": "affected", "version": "-"}]}], "datePublic": "2026-04-02T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173", "name": "Azure SRE Agent Information Disclosure Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_sre_agent_gateway_signalR_hub:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "-"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-02T23:27:00.374Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32173", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T13:43:51.736869Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-03T13:48:30.813Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32173", "state": "PUBLISHED", "dateUpdated": "2026-04-02T23:27:00.374Z", "dateReserved": "2026-03-10T23:09:43.266Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-02T23:27:00.374Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "secure@microsoft.com", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network."}], "id": "CVE-2026-32173", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-03T00:16:04.547", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Azure SRE Agent Gateway - SignalR Hub", "source": "cna", "vendor": "Microsoft"}, "product": "azure_sre_agent_gateway", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-03T02:21:20.746533+00:00", "value": {"mitigation_remediation": ["Check Microsoft\u2019s Security Update Guide for Azure SRE Agent Gateway - SignalR Hub to find any available patches.", "Apply the latest patch or update as soon as possible to eliminate the authentication flaw.", "If no patch is currently available, restrict network access to the SignalR Hub to trusted IP addresses and block unauthenticated traffic."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Microsoft Azure SRE Agent Gateway - SignalR Hub. No specific versioning data is provided, so all current installations may be vulnerable until a patch is applied.", "description_and_impact": "The vulnerability arises from improper authentication in Azure SRE Agent Gateway, allowing an unauthorized attacker to read information transmitted over the network. This flaw permits disclosure of potentially sensitive data, constituting a high\u2011severity information\u2011leak issue as reflected by the CVSS score of 8.6. The weakness corresponds to CWE\u2011287, authentication failure, and directly undermines confidentiality when exploited.", "risk_and_exploitability": "The CVSS score indicates a high risk, but the EPSS score is unknown and the vulnerability is not listed in CISA\u2019s KEV catalog, implying no widespread known exploitation yet. Attackers would need to target the SignalR Hub\u2019s authentication mechanism, likely via network traffic that bypasses or circumvents the expected authentication checks. The lack of explicit mitigations suggests the vulnerability could be exploited by an external attacker with network access, but no evidence of active exploitation is documented."}}}}, "created": "2026-04-03T07:31:17.570499+00:00", "updated": "2026-04-03T09:16:05.661974+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_sre_agent_gateway"]}